Bug 1758533 - [Kuryr] KNPs cannot be deleted due to ports on the pools with its associated SG
Summary: [Kuryr] KNPs cannot be deleted due to ports on the pools with its associated SG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.2.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.2.z
Assignee: Luis Tomas Bolivar
QA Contact: Jon Uriarte
Depends On: 1758528
TreeView+ depends on / blocked
Reported: 2019-10-04 13:04 UTC by Luis Tomas Bolivar
Modified: 2019-10-30 04:45 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1758528
Last Closed: 2019-10-30 04:44:56 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift kuryr-kubernetes pull 57 0 None None None 2019-10-18 08:15:43 UTC
Red Hat Product Errata RHBA-2019:3151 0 None None None 2019-10-30 04:45:07 UTC

Description Luis Tomas Bolivar 2019-10-04 13:04:55 UTC
+++ This bug was initially created as a clone of Bug #1758528 +++

When deleting a Network Policy, its associated kuryrnetworkpolicy object and the OpenStack SG must be deleted too.

However, there is a problem when deleting the SG associated to the knp object as it can be associated to the ports created for the pools. When deleting the network policy, the affected pod gets their associated OpenStack ports SG updated, but the ports on the pools (which are not associated to any pod yet) are not updated.

Steps to Reproduce:
1. Create namespace
2. Create pod
3. Create NP affecting pod
4. Delete pod
5. Wait around 20 seconds for the pod's port to become part of the pool
6. Delete NP

Actual results:
knp is leftover and NP associated SG

Expected results:
knp is deleted as well as the NP associated SG

Comment 2 Jon Uriarte 2019-10-25 13:32:53 UTC
Verified on OCP 4.2.0-0.nightly-2019-10-25-021846 build on top of OSP 13 2019-10-01.1 puddle.

release image: registry.svc.ci.openshift.org/ocp/release@sha256:8f97aa21e1c0b2815ec7c86e4138362940a5dcbc292840ab4d6d5b67fedb173f

After running related K8s NP upstream tests there are no KNP leftovers, as well as no security groups associated to them.

Comment 4 errata-xmlrpc 2019-10-30 04:44:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.