Bug 1878725 - Kury CNI init container image is missing iptables package
Summary: Kury CNI init container image is missing iptables package
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.6
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: 4.6.0
Assignee: Maysa Macedo
QA Contact: GenadiC
URL:
Whiteboard:
Depends On:
Blocks: 1867534 1875491 1876566
TreeView+ depends on / blocked
 
Reported: 2020-09-14 12:01 UTC by Maysa Macedo
Modified: 2020-10-27 16:41 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 16:40:46 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-network-operator pull 792 0 None closed Bug 1878725: Ensure iptables commands are available on cni init container 2020-09-21 07:47:51 UTC
Github openshift kuryr-kubernetes pull 346 0 None closed Bug 1878725: Add iptables wrappers to Kuryr CNI 2020-09-21 07:47:51 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:41:07 UTC

Description Maysa Macedo 2020-09-14 12:01:45 UTC
Description of problem:

Installation with Kuryr can not progress because Kuryr CNI Pods are on Init:CrashLoopBackOff as iptables is not available on the container image.

NAME                                READY   STATUS                  RESTARTS   AGE
kuryr-cni-cvc4v                     0/1     Init:CrashLoopBackOff   22         89m
kuryr-cni-sxmwk                     0/1     Init:CrashLoopBackOff   22         89m
kuryr-cni-zjcj8                     0/1     Init:CrashLoopBackOff   22         89m
kuryr-controller-849cf66f44-sq6fq   1/1     Running                 0          89m

[core@ostest-7tlmj-master-0 ~]$ sudo crictl logs 7775399bed756
+ iptables -A OUTPUT -p tcp -m tcp --dport 22623 -j REJECT
/bin/sh: line 5: iptables: command not found

Version-Release number of selected component (if applicable):

4.6.0-0.nightly-2020-09-12-164537

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 2 rlobillo 2020-09-17 15:03:08 UTC
Verified on 4.6.0-0.nightly-2020-09-17-073141 over OSP RHOS-16.1-RHEL-8-20200903.n.0

OCP installed succesfully:

$ tail ~/ostest/.openshift_install.log 
time="2020-09-17T12:26:09Z" level=info msg="To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/stack/ostest/auth/kubeconfig'"
time="2020-09-17T12:26:09Z" level=info msg="Access the OpenShift web-console here: https://console-openshift-console.apps.ostest.shiftstack.com"
time="2020-09-17T12:26:09Z" level=info msg="Login to the console with user: \"kubeadmin\", and password: \"TpCD6-fNLgQ-Di3JN-SGhMX\""
time="2020-09-17T12:26:09Z" level=debug msg="Time elapsed per stage:"
time="2020-09-17T12:26:09Z" level=debug msg="    Infrastructure: 1m52s"
time="2020-09-17T12:26:09Z" level=debug msg="Bootstrap Complete: 18m27s"
time="2020-09-17T12:26:09Z" level=debug msg="               API: 4m3s"
time="2020-09-17T12:26:09Z" level=debug msg=" Bootstrap Destroy: 42s"
time="2020-09-17T12:26:09Z" level=debug msg=" Cluster Operators: 23m5s"
time="2020-09-17T12:26:09Z" level=info msg="Time elapsed: 46m41s"

Comment 5 errata-xmlrpc 2020-10-27 16:40:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.