Bug 2192936

Summary: Console not accessible /w ovs-multitenant plugin enabled without manually enabling global pod networking
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation Reporter: Anton Mark <amark>
Component: documentationAssignee: Kusuma <kbg>
Status: VERIFIED --- QA Contact: Neha Berry <nberry>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.10CC: asriram, ebenahar, kbg, odf-bz-bot, olakra, oviner, skatiyar
Target Milestone: ---Flags: skatiyar: needinfo? (olakra)
kbg: needinfo? (amark)
Target Release: ODF 4.14.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Anton Mark 2023-05-03 15:33:46 UTC 
Description of problem (please be detailed as possible and provide log
snippests):
Console not accessible /w ovs-multitenant plugin enabled without manually enabling global pod networking

Version of all relevant components (if applicable):
Seen on OCP/ODF 4.10, but likely all versions apply.

Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
Installation of ODF 

Is there any workaround available to the best of your knowledge?
Manually enable global pod networking for ODF project. Example:
$ oc adm pod-network make-projects-global openshift-storage

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
2

Can this issue reproducible?
Unknown

Steps to Reproduce:
1. Setup OCP cluster with ovs-multitenant plugin enabled.
2. Install ODF operator.


Actual results:
Console unavailble and errors in console pod logs.

GET request for "odf-console" plugin failed: Get "https://odf-console-service.openshift-storage.svc.cluster.local:9001/locales/en/plugin__odf-console.json": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

Expected results:
Operator likely should be aware of this and automatically set global pod networking for openshift-storage project, or this likely should be documented somewhere.

Additional info:
None.
Comment 2 Sanjal Katiyar 2023-05-05 07:17:18 UTC 
Hi,

In OCP when "ovs-multitenant" plugin is used for SDN, Pods from different projects cannot send packets to or receive packets from pods and services of a different project, meaning by default pods can not communicate between namespaces/projects (https://docs.openshift.com/container-platform/3.11/architecture/networking/sdn.html).

OCP's "console" pod in the "openshift-console" namespace needs to connect with the ODF's "odf-console" pod in the "openshift-storage" namespace in order to fetch the UI assets and display them as a part of OCP. This is by design and can happen for any dynamic plugin (odf-console is just one example of a dynamic plugin).

So, for starters this should be documented in Openshift docs as well (if not already).
We already have KCS guide: https://access.redhat.com/solutions/6988169 so we are good here.
Last part is ODF docs @olakra can you please take a look, is this something which can we added to our (ODF) docs ??



Also, @Anton just clarity sake, can you please confirm that customer was only facing issue with "odf-console" pod in "openshift-storage" namespace and all other ODF pieces like OCS/Rook/Noobaa were up and running successfully (before applying the workaorund) ??
Comment 5 Sanjal Katiyar 2023-05-19 08:19:52 UTC 
I am moving this to documentation side !
Thanks.
Comment 9 Oded 2023-06-12 14:47:15 UTC 
Added relevant section to doc "Chapter 14. Accessing odf-console with the ovs-multitenant plugin by manually enabling global pod networking"

https://dxp-docp-prod.apps.ext-waf.spoke.prod.us-west-2.aws.paas.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.10/html-single/troubleshooting_openshift_data_foundation/index?lb_target=preview#accessing-odf-console-with-ovs-multitenant-plugin-by-manually-enabling-global-pod-networking_rhodf