When enabling kuryrnet handler, the kuryr pools are pre-populated for each newly created namespace. This increases the load on neutron side during spikes of namespaces creation. In turns, that makes the creation of those ports slower, as well as the deletion of namespaces and its associated neutron resources (in this case the ports of their associated pools). And finally, this leads to timeouts on kuryr-controller waiting for the namespace resources to be cleaned up
Verified on OCP 4.3.0-0.nightly-2019-10-17-061631 build on top of OSP 13 2019-10-01.1 puddle.
release image: registry.svc.ci.openshift.org/ocp/release@sha256:2cafe25ec1ed2dfdec361cde13b4461d2a30194d0b41fbd1c6d3fad5ab34ca05
kuryrnet handler is not enabled:
$ oc -n openshift-kuryr get cm kuryr-config -o yaml | grep handler
enabled_handlers = vif,lb,lbaasspec,policy,pod_label,namespace,kuryrnetpolicy
$ oc -n openshift-kuryr get cm kuryr-config -o yaml | grep annotation
vif_annotation_timeout = 500
$ oc -n openshift-kuryr get deploy kuryr-controller -o yaml | grep failure
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.