Bug 1878725 - Kury CNI init container image is missing iptables package
Summary: Kury CNI init container image is missing iptables package
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.6
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.6.0
Assignee: Maysa Macedo
QA Contact: GenadiC
Depends On:
Blocks: 1867534 1875491 1876566
TreeView+ depends on / blocked
Reported: 2020-09-14 12:01 UTC by Maysa Macedo
Modified: 2020-10-06 18:20 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Github openshift cluster-network-operator pull 792 None closed Bug 1878725: Ensure iptables commands are available on cni init container 2020-09-21 07:47:51 UTC
Github openshift kuryr-kubernetes pull 346 None closed Bug 1878725: Add iptables wrappers to Kuryr CNI 2020-09-21 07:47:51 UTC

Description Maysa Macedo 2020-09-14 12:01:45 UTC
Description of problem:

Installation with Kuryr can not progress because Kuryr CNI Pods are on Init:CrashLoopBackOff as iptables is not available on the container image.

NAME                                READY   STATUS                  RESTARTS   AGE
kuryr-cni-cvc4v                     0/1     Init:CrashLoopBackOff   22         89m
kuryr-cni-sxmwk                     0/1     Init:CrashLoopBackOff   22         89m
kuryr-cni-zjcj8                     0/1     Init:CrashLoopBackOff   22         89m
kuryr-controller-849cf66f44-sq6fq   1/1     Running                 0          89m

[core@ostest-7tlmj-master-0 ~]$ sudo crictl logs 7775399bed756
+ iptables -A OUTPUT -p tcp -m tcp --dport 22623 -j REJECT
/bin/sh: line 5: iptables: command not found

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Comment 2 rlobillo 2020-09-17 15:03:08 UTC
Verified on 4.6.0-0.nightly-2020-09-17-073141 over OSP RHOS-16.1-RHEL-8-20200903.n.0

OCP installed succesfully:

$ tail ~/ostest/.openshift_install.log 
time="2020-09-17T12:26:09Z" level=info msg="To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/stack/ostest/auth/kubeconfig'"
time="2020-09-17T12:26:09Z" level=info msg="Access the OpenShift web-console here: https://console-openshift-console.apps.ostest.shiftstack.com"
time="2020-09-17T12:26:09Z" level=info msg="Login to the console with user: \"kubeadmin\", and password: \"TpCD6-fNLgQ-Di3JN-SGhMX\""
time="2020-09-17T12:26:09Z" level=debug msg="Time elapsed per stage:"
time="2020-09-17T12:26:09Z" level=debug msg="    Infrastructure: 1m52s"
time="2020-09-17T12:26:09Z" level=debug msg="Bootstrap Complete: 18m27s"
time="2020-09-17T12:26:09Z" level=debug msg="               API: 4m3s"
time="2020-09-17T12:26:09Z" level=debug msg=" Bootstrap Destroy: 42s"
time="2020-09-17T12:26:09Z" level=debug msg=" Cluster Operators: 23m5s"
time="2020-09-17T12:26:09Z" level=info msg="Time elapsed: 46m41s"

Note You need to log in before you can comment on or make changes to this bug.