This bug was initially created as a copy of Bug #1719653 I am copying this bug because: Description of problem: If I follow the documentation[1] to install an OpenShift 4 cluster with network mode Multitenant the installation fails, attached my cluster-network-03-config.yml. Because api server can not connect to etcd. [1] https://docs.openshift.com/container-platform/4.1/installing/installing_aws/installing-aws-network-customizations.html#modifying-nwoperator-config-startup_installing-aws-network-customizations Version-Release number of selected component (if applicable): $ openshift-install version openshift-install v4.1.0-201905212232-dirty built from commit 71d8978039726046929729ad15302973e3da18ce release image quay.io/openshift-release-dev/ocp-release@sha256:b8307ac0f3ec4ac86c3f3b52846425205022da52c16f56ec31cbe428501001d6 How reproducible: Install ocp4 with cluster-network-03-config.yml follow the documentation [1] Steps to Reproduce: 1. 2. 3. Actual results: Installation fails. API Server can not connect to etcd server: $ oc debug apiserver-p48hk $ curl -k -I --connect-timeout 1 https://etcd.openshift-etcd.svc:2379/ curl: (28) Resolving timed out after 1510 milliseconds Expected results: Installation pass. API Server can connect to etcd server: $ oc rsh apiserver-nf7hx $ curl -k -I --connect-timeout 1 https://etcd.openshift-etcd.svc:2379/ curl: (58) NSS: client certificate not found (nickname not specified) Additional info: oc get netnamespaces | grep -E '(openshift-apiserver|openshift-etcd) ' openshift-apiserver 1 openshift-etcd 3025533 It looks like openshift-etcd should use the netid 1.
https://github.com/openshift/cluster-network-operator/pull/225
Verified this bug on 4.1.0-0.nightly-2019-07-18-023612 using 'multitenant' mode to setup the env, the cluster can work well. [root@preserve-zzhao 0718]# oc get clusternetwork NAME CLUSTER NETWORK SERVICE NETWORK PLUGIN NAME default 10.128.0.0/14 172.30.0.0/16 redhat/openshift-ovs-multitenant [root@preserve-zzhao 0718]# oc get netnamespaces | grep etcd openshift-etcd 1
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:1809