Bug 1878725

Summary: Kury CNI init container image is missing iptables package
Product: OpenShift Container Platform Reporter: Maysa Macedo <mdemaced>
Component: NetworkingAssignee: Maysa Macedo <mdemaced>
Networking sub component: kuryr QA Contact: GenadiC <gcheresh>
Status: CLOSED ERRATA Docs Contact:
Severity: urgent    
Priority: urgent CC: ltomasbo, rheinzma, rlobillo, wsun
Version: 4.6Keywords: TestBlocker, TestBlockerForLayeredProduct
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 16:40:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1867534, 1875491, 1876566    

Description Maysa Macedo 2020-09-14 12:01:45 UTC 
Description of problem:

Installation with Kuryr can not progress because Kuryr CNI Pods are on Init:CrashLoopBackOff as iptables is not available on the container image.

NAME                                READY   STATUS                  RESTARTS   AGE
kuryr-cni-cvc4v                     0/1     Init:CrashLoopBackOff   22         89m
kuryr-cni-sxmwk                     0/1     Init:CrashLoopBackOff   22         89m
kuryr-cni-zjcj8                     0/1     Init:CrashLoopBackOff   22         89m
kuryr-controller-849cf66f44-sq6fq   1/1     Running                 0          89m

[core@ostest-7tlmj-master-0 ~]$ sudo crictl logs 7775399bed756
+ iptables -A OUTPUT -p tcp -m tcp --dport 22623 -j REJECT
/bin/sh: line 5: iptables: command not found

Version-Release number of selected component (if applicable):

4.6.0-0.nightly-2020-09-12-164537

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 rlobillo 2020-09-17 15:03:08 UTC 
Verified on 4.6.0-0.nightly-2020-09-17-073141 over OSP RHOS-16.1-RHEL-8-20200903.n.0

OCP installed succesfully:

$ tail ~/ostest/.openshift_install.log 
time="2020-09-17T12:26:09Z" level=info msg="To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/stack/ostest/auth/kubeconfig'"
time="2020-09-17T12:26:09Z" level=info msg="Access the OpenShift web-console here: https://console-openshift-console.apps.ostest.shiftstack.com"
time="2020-09-17T12:26:09Z" level=info msg="Login to the console with user: \"kubeadmin\", and password: \"TpCD6-fNLgQ-Di3JN-SGhMX\""
time="2020-09-17T12:26:09Z" level=debug msg="Time elapsed per stage:"
time="2020-09-17T12:26:09Z" level=debug msg="    Infrastructure: 1m52s"
time="2020-09-17T12:26:09Z" level=debug msg="Bootstrap Complete: 18m27s"
time="2020-09-17T12:26:09Z" level=debug msg="               API: 4m3s"
time="2020-09-17T12:26:09Z" level=debug msg=" Bootstrap Destroy: 42s"
time="2020-09-17T12:26:09Z" level=debug msg=" Cluster Operators: 23m5s"
time="2020-09-17T12:26:09Z" level=info msg="Time elapsed: 46m41s"
Comment 5 errata-xmlrpc 2020-10-27 16:40:46 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196