Bug 1951158

Summary: Egress Router CRD missing Addresses entry
Product: OpenShift Container Platform Reporter: Weibin Liang <weliang>
Component: NetworkingAssignee: Mohamed Mahmoud <mmahmoud>
Networking sub component: ovn-kubernetes QA Contact: Weibin Liang <weliang>
Status: CLOSED ERRATA Docs Contact:
Severity: urgent    
Priority: medium CC: astoycos, zzhao
Version: 4.8Keywords: TestBlocker
Target Milestone: ---   
Target Release: 4.8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-07-27 23:01:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Weibin Liang 2021-04-19 17:02:31 UTC 
Description of problem:
Egress Router CRD missing Addresses entry

Version-Release number of selected component (if applicable):
4.8.0-0.nightly-2021-04-19-071934

How reproducible:
Always

Steps to Reproduce:
[weliang@weliang Config]$ oc new-project test
Now using project "test" on server "https://api.weliang-193.qe.devcluster.openshift.com:6443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app rails-postgresql-example

to build a new example application in Ruby. Or use kubectl to deploy a simple Kubernetes application:

    kubectl create deployment hello-node --image=k8s.gcr.io/serve_hostname

[weliang@weliang Config]$ oc create -f test2.yaml 
egressrouter.network.operator.openshift.io/egress-router-test created
[weliang@weliang Config]$ oc get all
No resources found in test namespace.
[weliang@weliang Config]$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.8.0-0.nightly-2021-04-19-071934   True        False         63m     Cluster version is 4.8.0-0.nightly-2021-04-19-071934
[weliang@weliang Config]$ oc get net-attach-def
No resources found in test namespace.


Actual results:
check cno logs
error rendering manifests: failed to render manifest bindata/egress-router/000-nad.yaml: template: bindata/egress-router/000-nad.yaml:16:11: executing "bindata/egress-router/000-nad.yaml" at <.Addresses>: map has no entry for key "Addresses"

Expected results:
egress router pod and NAD should be created without any errors

Additional info:
Comment 4 Weibin Liang 2021-05-14 15:20:13 UTC 
[weliang@weliang Config]$ cat test2.yaml 
apiVersion: network.operator.openshift.io/v1
kind: EgressRouter
metadata:
  name: egress-router-test
spec:
  addresses: [
    {
      ip: "192.168.3.10",
      gateway: "192.168.3.1",
    },
  ]
  mode: Redirect
  redirect: {
    redirectRules: [
      {
        destinationIP: "203.0.113.25",
        port: 65,
        protocol: TCP,
        targetPort: 75
      },
      {
        destinationIP: "203.0.113.26",
        port: 65535,
        protocol: SCTP,
      },
      {
        destinationIP: "203.0.113.27",
        port: 65534,
        protocol: UDP,
      },
    ],
    fallbackIP: "203.0.113.28"
  }[weliang@weliang Config]$ oc get all
No resources found in test namespace.
[weliang@weliang Config]$ oc create -f test2.yaml 
egressrouter.network.operator.openshift.io/egress-router-test created
[weliang@weliang Config]$ oc get all
No resources found in test namespace.
[weliang@weliang Config]$
Comment 5 Weibin Liang 2021-05-14 15:43:29 UTC 
apiVersion: network.operator.openshift.io/v1
kind: EgressRouter
metadata:
  name: egress-router-test
spec:
  addresses: [
    {
      ip: "192.168.3.10",
      gateway: "192.168.3.1",
    },
  ]
  mode: Redirect
  redirect: {
    redirectRules: [
      {
        destinationIP: "10.100.3.0",
        port: 80,
        protocol: UDP,
      },
      {
        destinationIP: "203.0.113.26",
        port: 8080,
        protocol: TCP,
        targetPort: 80
      },
      {
        destinationIP: "203.0.113.27",
        port: 8443,
        protocol: TCP,
        targetPort: 443
      },
    ]
  }
Comment 6 zhaozhanqi 2021-05-20 10:49:02 UTC 
since this bug block testing.  raise the severity to urgent.
Comment 8 zhaozhanqi 2021-06-02 08:44:10 UTC 
seems this issue still happen when creating above test2.yaml on cluster version 4.8.0-0.nightly-2021-06-01-231204


see the CNO logs:

I0602 08:40:38.067364       1 log.go:184] reconciling (apps/v1, Kind=Deployment) openshift-network-diagnostics/network-check-source
I0602 08:40:38.088712       1 log.go:184] update was successful
I0602 08:40:38.088803       1 log.go:184] reconciling (/v1, Kind=Service) openshift-network-diagnostics/network-check-source
I0602 08:40:38.111546       1 log.go:184] update was successful
I0602 08:40:38.111638       1 log.go:184] reconciling (monitoring.coreos.com/v1, Kind=ServiceMonitor) openshift-network-diagnostics/network-check-source
I0602 08:40:38.118881       1 log.go:184] reconciling (apps/v1, Kind=DaemonSet) openshift-network-diagnostics/network-check-target
I0602 08:40:38.174860       1 log.go:184] update was successful
I0602 08:40:38.174958       1 log.go:184] reconciling (/v1, Kind=Service) openshift-network-diagnostics/network-check-target
I0602 08:40:38.294331       1 log.go:184] update was successful
I0602 08:41:05.775401       1 egress_router_controller.go:91] Reconciling egressrouter.network.operator.openshift.io z2/egress-router-test
I0602 08:41:05.775482       1 egress_router_controller.go:116] Creating a new Egress Router
E0602 08:41:05.775510       1 egress_router_controller.go:239] invalid CIDR address: 192.168.3.10
E0602 08:41:05.776500       1 egress_router_controller.go:131] error rendering manifests: failed to render manifest bindata/egress-router/000-nad.yaml: template: bindata/egress-router/000-nad.yaml:16:11: executing "bindata/egress-router/000-nad.yaml" at <.Addresses>: map has no entry for key "Addresses"
I0602 08:41:05.785443       1 egress_router_controller.go:91] Reconciling egressrouter.network.operator.openshift.io z2/egress-router-test
I0602 08:41:05.785525       1 egress_router_controller.go:116] Creating a new Egress Router
E0602 08:41:05.785545       1 egress_router_controller.go:239] invalid CIDR address: 192.168.3.10
E0602 08:41:05.786246       1 egress_router_controller.go:131] error rendering manifests: failed to render manifest bindata/egress-router/000-nad.yaml: template: bindata/egress-router/000-nad.yaml:16:11: executing "bindata/egress-router/000-nad.yaml" at <.Addresses>: map has no entry for key "Addresses"
I0602 08:41:05.799521       1 egress_router_controller.go:91] Reconciling egressrouter.network.operator.openshift.io z2/egress-router-test
Comment 9 Mohamed Mahmoud 2021-06-02 12:05:53 UTC 
(In reply to zhaozhanqi from comment #8)
> seems this issue still happen when creating above test2.yaml on cluster
> version 4.8.0-0.nightly-2021-06-01-231204
> 
> 
> see the CNO logs:
> 
> I0602 08:40:38.067364       1 log.go:184] reconciling (apps/v1,
> Kind=Deployment) openshift-network-diagnostics/network-check-source
> I0602 08:40:38.088712       1 log.go:184] update was successful
> I0602 08:40:38.088803       1 log.go:184] reconciling (/v1, Kind=Service)
> openshift-network-diagnostics/network-check-source
> I0602 08:40:38.111546       1 log.go:184] update was successful
> I0602 08:40:38.111638       1 log.go:184] reconciling
> (monitoring.coreos.com/v1, Kind=ServiceMonitor)
> openshift-network-diagnostics/network-check-source
> I0602 08:40:38.118881       1 log.go:184] reconciling (apps/v1,
> Kind=DaemonSet) openshift-network-diagnostics/network-check-target
> I0602 08:40:38.174860       1 log.go:184] update was successful
> I0602 08:40:38.174958       1 log.go:184] reconciling (/v1, Kind=Service)
> openshift-network-diagnostics/network-check-target
> I0602 08:40:38.294331       1 log.go:184] update was successful
> I0602 08:41:05.775401       1 egress_router_controller.go:91] Reconciling
> egressrouter.network.operator.openshift.io z2/egress-router-test
> I0602 08:41:05.775482       1 egress_router_controller.go:116] Creating a
> new Egress Router
> E0602 08:41:05.775510       1 egress_router_controller.go:239] invalid CIDR
> address: 192.168.3.10
> E0602 08:41:05.776500       1 egress_router_controller.go:131] error
> rendering manifests: failed to render manifest
> bindata/egress-router/000-nad.yaml: template:
> bindata/egress-router/000-nad.yaml:16:11: executing
> "bindata/egress-router/000-nad.yaml" at <.Addresses>: map has no entry for
> key "Addresses"
> I0602 08:41:05.785443       1 egress_router_controller.go:91] Reconciling
> egressrouter.network.operator.openshift.io z2/egress-router-test
> I0602 08:41:05.785525       1 egress_router_controller.go:116] Creating a
> new Egress Router
> E0602 08:41:05.785545       1 egress_router_controller.go:239] invalid CIDR
> address: 192.168.3.10
> E0602 08:41:05.786246       1 egress_router_controller.go:131] error
> rendering manifests: failed to render manifest
> bindata/egress-router/000-nad.yaml: template:
> bindata/egress-router/000-nad.yaml:16:11: executing
> "bindata/egress-router/000-nad.yaml" at <.Addresses>: map has no entry for
> key "Addresses"
> I0602 08:41:05.799521       1 egress_router_controller.go:91] Reconciling
> egressrouter.network.operator.openshift.io z2/egress-router-test

pls check the updated doc the IP addr need to CIDR format
Comment 11 Weibin Liang 2021-06-02 14:38:33 UTC 
Testing still failed in 4.8.0-0.nightly-2021-06-02-025513

With CIDR configured:
[weliang@weliang ~]$ oc create -f https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/EgressRouter/test2.yaml
The EgressRouter "egress-router-test" is invalid: 
* <nil>: Invalid value: "": "spec.addresses.ip" must validate at least one schema (anyOf)
* spec.addresses.ip: Invalid value: "192.168.3.10/24": spec.addresses.ip in body must be of type ipv4: "192.168.3.10/24"

Without CIDR configred:
[weliang@weliang ~]$ oc create -f https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/EgressRouter/test2.yaml
egressrouter.network.operator.openshift.io/egress-router-test created
[weliang@weliang ~]$ oc get all
No resources found in test namespace.

Seems merged codes are not in the nightly image yet.
Comment 13 Weibin Liang 2021-06-07 15:01:10 UTC 
Tested and verified in 4.8.0-0.nightly-2021-06-03-221810, new nightly code can not reproduce this bug.

But the EgressRoute pod can not be up and Running which is a different issue and reported in https://bugzilla.redhat.com/show_bug.cgi?id=1968567
Comment 16 errata-xmlrpc 2021-07-27 23:01:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438