Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1758528

Summary: [Kuryr] KNPs cannot be deleted due to ports on the pools with its associated SG
Product: OpenShift Container Platform Reporter: Luis Tomas Bolivar <ltomasbo>
Component: NetworkingAssignee: Luis Tomas Bolivar <ltomasbo>
Networking sub component: kuryr QA Contact: Jon Uriarte <juriarte>
Status: CLOSED ERRATA Docs Contact:
Severity: urgent    
Priority: unspecified CC: juriarte
Version: 4.2.0Keywords: Triaged
Target Milestone: ---   
Target Release: 4.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1758533 (view as bug list) Environment:
Last Closed: 2020-05-13 21:26:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1758533    

Description Luis Tomas Bolivar 2019-10-04 12:51:28 UTC 
When deleting a Network Policy, its associated kuryrnetworkpolicy object and the OpenStack SG must be deleted too.

However, there is a problem when deleting the SG associated to the knp object as it can be associated to the ports created for the pools. When deleting the network policy, the affected pod gets their associated OpenStack ports SG updated, but the ports on the pools (which are not associated to any pod yet) are not updated.


Steps to Reproduce:
1. Create namespace
2. Create pod
3. Create NP affecting pod
4. Delete pod
5. Wait around 20 seconds for the pod's port to become part of the pool
6. Delete NP

Actual results:
knp is leftover and NP associated SG


Expected results:
knp is deleted as well as the NP associated SG
Comment 2 Jon Uriarte 2019-10-18 08:14:48 UTC 
Verified on OCP 4.3.0-0.nightly-2019-10-17-061631 build on top of OSP 13 2019-10-01.1 puddle.

release image: registry.svc.ci.openshift.org/ocp/release@sha256:2cafe25ec1ed2dfdec361cde13b4461d2a30194d0b41fbd1c6d3fad5ab34ca05

After running related K8s NP upstream tests there are no KNP leftovers, as well as no security groups associated to them.
Comment 4 errata-xmlrpc 2020-05-13 21:26:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0062