Bug 2011822

Summary: Obfuscation doesn't work at clusters with OVN
Product: OpenShift Container Platform Reporter: Serhii Zakharov <szakharo>
Component: Insights OperatorAssignee: Serhii Zakharov <szakharo>
Status: CLOSED ERRATA QA Contact: Dmitry Misharov <dmisharo>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.10CC: aos-bugs, inecas, mklika, tremes
Target Milestone: ---   
Target Release: 4.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
The current opt-in obfuscation doesn't work at clusters with OVN. It manifests as: operator.go:112] Unable to create anonymizer, some data won't be anonymized(ipv4 and cluster base domain). The error is the server could not find the requested resource (get hostsubnets.network.openshift.io) The problem is that the OVN clusters don't seem to have any "HostSubnet" resource. This is JIRA tracker for https://bugzilla.redhat.com/show_bug.cgi?id=2009322
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-10 16:17:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2014633    

Description Serhii Zakharov 2021-10-07 13:29:07 UTC 
The current opt-in obfuscation doesn't work at clusters with OVN. It manifests as:

operator.go:112] Unable to create anonymizer, some data won't be anonymized(ipv4 and cluster base domain). The error is the server could not find the requested resource (get hostsubnets.network.openshift.io)

The problem is that the OVN clusters don't seem to have any "HostSubnet" resource. This is JIRA tracker for https://bugzilla.redhat.com/show_bug.cgi?id=2009322
Comment 2 Dmitry Misharov 2021-10-18 09:33:36 UTC 
Verified on 4.10.0-0.nightly-2021-10-16-173656.

1. Enable obfuscation https://docs.openshift.com/container-platform/4.9/support/remote_health_monitoring/remote-health-reporting-from-restricted-network.html
2. Restart Insights Operator
3. Check Insights Operator logs

There is no error "Unable to create anonymizer, some data won't be anonymized"

4. Check if "obfuscation-translation-table" secret exists in "openshift-insights" namespace.
Comment 5 errata-xmlrpc 2022-03-10 16:17:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056