1758533 – [Kuryr] KNPs cannot be deleted due to ports on the pools with its associated SG

Bug 1758533 - [Kuryr] KNPs cannot be deleted due to ports on the pools with its associated SG

Summary: [Kuryr] KNPs cannot be deleted due to ports on the pools with its associated SG

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Target Release:	4.2.z
Assignee:	Luis Tomas Bolivar
QA Contact:	Jon Uriarte
Docs Contact:
URL:
Whiteboard:
Depends On:	1758528
Blocks:
TreeView+	depends on / blocked

Reported:	2019-10-04 13:04 UTC by Luis Tomas Bolivar
Modified:	2019-10-30 04:45 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1758528
Environment:
Last Closed:	2019-10-30 04:44:56 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift kuryr-kubernetes pull 57	0	None	None	None	2019-10-18 08:15:43 UTC
Red Hat Product Errata	RHBA-2019:3151	0	None	None	None	2019-10-30 04:45:07 UTC

Description Luis Tomas Bolivar 2019-10-04 13:04:55 UTC

+++ This bug was initially created as a clone of Bug #1758528 +++

When deleting a Network Policy, its associated kuryrnetworkpolicy object and the OpenStack SG must be deleted too.

However, there is a problem when deleting the SG associated to the knp object as it can be associated to the ports created for the pools. When deleting the network policy, the affected pod gets their associated OpenStack ports SG updated, but the ports on the pools (which are not associated to any pod yet) are not updated.


Steps to Reproduce:
1. Create namespace
2. Create pod
3. Create NP affecting pod
4. Delete pod
5. Wait around 20 seconds for the pod's port to become part of the pool
6. Delete NP

Actual results:
knp is leftover and NP associated SG


Expected results:
knp is deleted as well as the NP associated SG

Comment 2 Jon Uriarte 2019-10-25 13:32:53 UTC

Verified on OCP 4.2.0-0.nightly-2019-10-25-021846 build on top of OSP 13 2019-10-01.1 puddle.

release image: registry.svc.ci.openshift.org/ocp/release@sha256:8f97aa21e1c0b2815ec7c86e4138362940a5dcbc292840ab4d6d5b67fedb173f

After running related K8s NP upstream tests there are no KNP leftovers, as well as no security groups associated to them.

Comment 4 errata-xmlrpc 2019-10-30 04:44:56 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:3151

Note You need to log in before you can comment on or make changes to this bug.