Bug 1901604 - CNO blocks editing Kuryr options
Summary: CNO blocks editing Kuryr options
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.7
Hardware: All
OS: All
medium
medium
Target Milestone: ---
: 4.7.0
Assignee: Michał Dulko
QA Contact: GenadiC
URL:
Whiteboard:
Depends On:
Blocks: 1901605
TreeView+ depends on / blocked
 
Reported: 2020-11-25 15:43 UTC by Michał Dulko
Modified: 2021-02-24 15:36 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature: Several Kuryr options set on NetworkConfig CRD can now be edited on running environments. Reason: It seemed essential to allow users tweaking of kuryr port pools options for their individual needs. Result: CNO now allows editing those options which will cause Kuryr reconfiguration.
Clone Of:
Environment:
Last Closed: 2021-02-24 15:35:50 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-network-operator pull 883 0 None closed Bug 1901604: Kuryr: Allow changes to KuryrConfig 2021-01-29 13:25:12 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:36:19 UTC

Description Michał Dulko 2020-11-25 15:43:48 UTC 
Description of problem:
CNO code deliberately blocks any changes to Network CRD related to Kuryr configuration. We do not need to enforce that really, we have code that will make sure Kuryr pods are restarted when configuration changes.

Version-Release number of selected component (if applicable):
4.x

How reproducible:
Always

Steps to Reproduce:
1. Try editing defaultNetwork.kuryrConfig on `oc edit networks.operator.openshift.io cluster` (available options are listed here: https://github.com/openshift/openshift-docs/pull/27508/files#diff-43c64724124f82eabd8c2216bf5ae8eae892e97bf5cfb3694b028487d8cc10c8R58-R74)
2. Save the object.
3. Check CNO logs to see it starts to fail the reconciliation.

Actual results:
Changes are not applied to `oc get cm -n openshift-kuryr kuryr-config`

Expected results:
Changes are applied.

Additional info:
Comment 1 Michał Dulko 2020-11-25 15:49:30 UTC 
Moving to ON_QA as this got fixed a while ago and all the builds should have this.
Comment 2 rlobillo 2020-11-26 15:36:25 UTC 
Verified on OCP4.7.0-0.nightly-2020-11-25-015010 over OSP16.1 with OVN Octavia (RHOS-16.1-RHEL-8-20201110.n.1).

Running this:

$ oc edit networks.operator.openshift.io cluster

And including section kuryrConfig:

spec:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  defaultNetwork:
    kuryrConfig:
      enablePortPoolsPrepopulation: false
      poolBatchPorts: 3
      poolMaxPorts: 7
      poolMinPorts: 1
    type: Kuryr
  logLevel: ""
  serviceNetwork:
  - 172.30.0.0/16

is triggering the CNO reconciliation which is updating the kuryr config accordingly:

$ oc get cm -n openshift-kuryr kuryr-config -o yaml | grep "\[vif_pool\]" -A5
    [vif_pool]
    ports_pool_max = 7
    ports_pool_min = 1
    ports_pool_batch = 3
    ports_pool_update_frequency = 30

kuryr pods remain stable after the change:

$ oc get pods -n openshift-kuryr
NAME                                READY   STATUS    RESTARTS   AGE
kuryr-cni-58l79                     1/1     Running   0          39m
kuryr-cni-ct2d7                     1/1     Running   0          38m
kuryr-cni-hz5kx                     1/1     Running   0          37m
kuryr-cni-jr5kv                     1/1     Running   0          38m
kuryr-cni-kzm4h                     1/1     Running   0          37m
kuryr-cni-l4s5m                     1/1     Running   0          39m
kuryr-controller-5bcb56996c-d8hz9   1/1     Running   0          39m
Comment 5 errata-xmlrpc 2021-02-24 15:35:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633
Note You need to log in before you can comment on or make changes to this bug.