Bug 1830098

Summary: Alert ClusterIPTablesStale and NodeIPTablesStale fire continuously on a cluster that has no changes
Product: OpenShift Container Platform
Reporter: Clayton Coleman <ccoleman>
Component: Networking
Assignee: Casey Callendrello <cdc>
Networking sub component: openshift-sdn
QA Contact: zhaozhanqi <zzhao>
Status: CLOSED DUPLICATE
Severity: high
Priority: unspecified
CC: cdc, dcbw
Version: 4.5   
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2020-05-06 16:32:12 UTC Type: Bug

Description Clayton Coleman 2020-04-30 20:27:13 UTC
1. Launch 4.5 cluster
2. Do nothing
3. See ClusterIPTablesStale and NodeIPTablesStale alerts fire

It appears that iptables no longer syncs when no changes happen, which means these alerts will fire when no changes happen OR when the proxy breaks.

The alerts need to be updated or changed (or proxy needs to refresh the timestamp anyway).

Blocks 4.5 GA because we can't ship a product that fires alerts at idle.

Comment 1 Dan Williams 2020-04-30 20:36:09 UTC
I think Casey had a related upstream PR merge to kube last week: https://github.com/kubernetes/kubernetes/pull/90175

Comment 2 Casey Callendrello 2020-05-06 14:33:29 UTC
Working on this. Almost done. Needed an upstream change.

Comment 3 Casey Callendrello 2020-05-06 16:32:12 UTC

*** This bug has been marked as a duplicate of bug 1826339 ***