Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1901604

Summary: CNO blocks editing Kuryr options
Product: OpenShift Container Platform Reporter: Michał Dulko <mdulko>
Component: NetworkingAssignee: Michał Dulko <mdulko>
Networking sub component: kuryr QA Contact: GenadiC <gcheresh>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: rlobillo
Version: 4.7   
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Feature: Several Kuryr options set on NetworkConfig CRD can now be edited on running environments. Reason: It seemed essential to allow users tweaking of kuryr port pools options for their individual needs. Result: CNO now allows editing those options which will cause Kuryr reconfiguration.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-24 15:35:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1901605    

Description Michał Dulko 2020-11-25 15:43:48 UTC 
Description of problem:
CNO code deliberately blocks any changes to Network CRD related to Kuryr configuration. We do not need to enforce that really, we have code that will make sure Kuryr pods are restarted when configuration changes.

Version-Release number of selected component (if applicable):
4.x

How reproducible:
Always

Steps to Reproduce:
1. Try editing defaultNetwork.kuryrConfig on `oc edit networks.operator.openshift.io cluster` (available options are listed here: https://github.com/openshift/openshift-docs/pull/27508/files#diff-43c64724124f82eabd8c2216bf5ae8eae892e97bf5cfb3694b028487d8cc10c8R58-R74)
2. Save the object.
3. Check CNO logs to see it starts to fail the reconciliation.

Actual results:
Changes are not applied to `oc get cm -n openshift-kuryr kuryr-config`

Expected results:
Changes are applied.

Additional info:
Comment 1 Michał Dulko 2020-11-25 15:49:30 UTC 
Moving to ON_QA as this got fixed a while ago and all the builds should have this.
Comment 2 rlobillo 2020-11-26 15:36:25 UTC 
Verified on OCP4.7.0-0.nightly-2020-11-25-015010 over OSP16.1 with OVN Octavia (RHOS-16.1-RHEL-8-20201110.n.1).

Running this:

$ oc edit networks.operator.openshift.io cluster

And including section kuryrConfig:

spec:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  defaultNetwork:
    kuryrConfig:
      enablePortPoolsPrepopulation: false
      poolBatchPorts: 3
      poolMaxPorts: 7
      poolMinPorts: 1
    type: Kuryr
  logLevel: ""
  serviceNetwork:
  - 172.30.0.0/16

is triggering the CNO reconciliation which is updating the kuryr config accordingly:

$ oc get cm -n openshift-kuryr kuryr-config -o yaml | grep "\[vif_pool\]" -A5
    [vif_pool]
    ports_pool_max = 7
    ports_pool_min = 1
    ports_pool_batch = 3
    ports_pool_update_frequency = 30

kuryr pods remain stable after the change:

$ oc get pods -n openshift-kuryr
NAME                                READY   STATUS    RESTARTS   AGE
kuryr-cni-58l79                     1/1     Running   0          39m
kuryr-cni-ct2d7                     1/1     Running   0          38m
kuryr-cni-hz5kx                     1/1     Running   0          37m
kuryr-cni-jr5kv                     1/1     Running   0          38m
kuryr-cni-kzm4h                     1/1     Running   0          37m
kuryr-cni-l4s5m                     1/1     Running   0          39m
kuryr-controller-5bcb56996c-d8hz9   1/1     Running   0          39m
Comment 5 errata-xmlrpc 2021-02-24 15:35:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633