Bug 2060334
| Summary: | Azure VNET lookup fails when the NIC subnet is in a different resource group | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | David Newman <dnewman> |
| Component: | Networking | Assignee: | Ben Bennett <bbennett> |
| Networking sub component: | openshift-sdn | QA Contact: | Mike Fiedler <mifiedle> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | ||
| Priority: | unspecified | CC: | mifiedle, travi |
| Version: | 4.10 | Keywords: | ServiceDeliveryImpact |
| Target Milestone: | --- | ||
| Target Release: | 4.11.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-08-10 10:52:11 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2062133 | ||
@dnewman I successfully upgraded 4.10.4 to latest 4.11 with this bz fix with network resources in their own rg.
oc get infrastructures.config.openshift.io cluster -ojsonpath='{.status.platformStatus}' | jq
{
"azure": {
"cloudName": "AzurePublicCloud",
"networkResourceGroupName": "mifiedle-315f-rg",
"resourceGroupName": "mifiedle-315f-kdjxg-rg"
},
"type": "Azure"
}
I also see the egressip annotation:
metadata:
annotations:
cloud.network.openshift.io/egress-ipconfig: '[{"interface":"mifiedle-315f-kdjxg-worker-southcentralus1-lv5h4-nic","ifaddr":{"ipv4":"10.0.0.0/16"},"capacity":{"ip":255}}]'
Anything else I should be looking for?
@mifiedle nope, that looks good to me, because before the fix the lookup would failed and the annotation would not have been added. Verified on 4.11.0-0.nightly-2022-03-15-060211. See comment 3 for details. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069 |
Description of problem: In setups where the network resources, VNET and subnets, are in a different resource group to the cluster resources, i.e. the NIC in this instance, the VNET lookup fails. $ oc get infrastructures.config.openshift.io cluster -ojsonpath='{.status.platformStatus}' | jq { "azure": { "cloudName": "AzurePublicCloud", "networkResourceGroupName": "v4-eastus", "resourceGroupName": "aro-dnewman-test-4-10" }, "type": "Azure" } the error message that is being logged is: "The Resource 'Microsoft.Network/virtualNetworks/dev-vnet' under resource group 'aro-dnewman-test-4-10' was not found", because it is in the 'v4-eastus' resource group. Version-Release number of selected component (if applicable): $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.10.0-rc.6 True False 29h Cluster version is 4.10.0-rc.6 How reproducible: Fails every time the VNET is not in the same resource group as the VM NIC. Steps to Reproduce: Upgrade an ARO cluster from 4.9 to 4.10 or any OCP cluster with the allocated VNET in a different resource group. Actual results: The nodes are never annotated with 'cloud.network.openshift.io/egress-ipconfig' information. Expected results: The nodes get the 'cloud.network.openshift.io/egress-ipconfig' annotations with the subnets and IP capacities. Additional info: I have created a PR that uses the subnet ID to parse the allocated resource group that fixes the issue.