Bug 1990928

Summary: Whereabouts fails in 4.9 due to missing RBAC for leases
Product: OpenShift Container Platform Reporter: Douglas Smith <dosmith>
Component: NetworkingAssignee: Douglas Smith <dosmith>
Networking sub component: multus QA Contact: Weibin Liang <weliang>
Status: CLOSED ERRATA Docs Contact:
Severity: urgent    
Priority: high CC: weliang, zzhao
Version: 4.9Keywords: FastFix
Target Milestone: ---   
Target Release: 4.8.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1989734
: 1990932 (view as bug list) Environment:
Last Closed: 2021-09-21 08:01:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1989734    
Bug Blocks: 1990932    

Description Douglas Smith 2021-08-06 15:23:35 UTC 
+++ This bug was initially created as a clone of Bug #1989734 +++

Description of problem: Whereabouts fails


Version-Release number of selected component (if applicable): 4.9


How reproducible: Always.


Steps to Reproduce:
1. Create net-attach-def using whereabouts, such as:

```
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: macvlan-conf
spec:
  config: '{
      "cniVersion": "0.3.0",
      "type": "macvlan",
      "master": "ens4",
      "mode": "bridge",
      "ipam": {
        "type": "whereabouts",
        "range": "198.18.0.0/15"
      }
    }'
```

2. Create some pods that reference it:

```
```

3. If the pods do not come up, you've encountered it. If the pods come up, it's working.

Actual results: Pods don't come up.


Expected results: Pods come up (with properly assigned IPs)

--- Additional comment from Douglas Smith on 2021-08-03 20:03:39 UTC ---

Missing from step #2 above:

```
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: whereabouts-test
  labels:
    app: whereabouts-test
    tier: whereabouts-test
spec:
  # modify replicas according to your case
  replicas: 3
  selector:
    matchLabels:
      tier: whereabouts-test
  template:
    metadata:
      labels:
        tier: whereabouts-test
      annotations:
        k8s.v1.cni.cncf.io/networks: macvlan-conf
    spec:
      containers:
      - name: samplepod
        command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
        image: quay.io/dougbtv/alpine:latest
```
Comment 1 zhaozhanqi 2021-09-08 03:00:48 UTC 
Tested this with cluster bot launch openshift/cluster-network-operator#1185 aws



$ oc get net-attach-def 
NAME                         AGE
macvlan-bridge-whereabouts   13m
[zzhao@dhcp-140-240 whereabouts]$ oc get net-attach-def -o yaml
apiVersion: v1
items:
- apiVersion: k8s.cni.cncf.io/v1
  kind: NetworkAttachmentDefinition
  metadata:
    creationTimestamp: "2021-09-08T02:46:35Z"
    generation: 1
    name: macvlan-bridge-whereabouts
    namespace: z1
    resourceVersion: "38675"
    uid: 61a77c80-4cb0-4433-84e5-eae27659400e
  spec:
    config: '{ "cniVersion": "0.3.1", "name": "whereabouts", "type": "macvlan", "master":
      "ens3", "mode": "bridge", "ipam": { "type": "whereabouts", "range": "192.168.2.225/28"
      } }'
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""


$ oc exec -n z1 test-pod -- ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8951 qdisc noqueue state UP group default 
    link/ether 0a:58:0a:81:02:13 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.129.2.19/23 brd 10.129.3.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::10d6:57ff:fe09:79ed/64 scope link 
       valid_lft forever preferred_lft forever
4: net1@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc noqueue state UP group default 
    link/ether 4a:96:bb:f0:c6:fe brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.2.225/28 brd 192.168.2.239 scope global net1
       valid_lft forever preferred_lft forever
    inet6 fe80::4896:bbff:fef0:c6fe/64 scope link 
       valid_lft forever preferred_lft forever
Comment 3 Weibin Liang 2021-09-10 14:08:28 UTC 
According to the test results in comment 1, mark this bug to be verifified.
Comment 6 errata-xmlrpc 2021-09-21 08:01:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.8.12 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3511