Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1901605

Summary: CNO blocks editing Kuryr options
Product: OpenShift Container Platform Reporter: OpenShift BugZilla Robot <openshift-bugzilla-robot>
Component: NetworkingAssignee: MichaƂ Dulko <mdulko>
Networking sub component: kuryr QA Contact: GenadiC <gcheresh>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: mdulko, rlobillo
Version: 4.7   
Target Milestone: ---   
Target Release: 4.6.z   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-08 13:50:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1901604    
Bug Blocks:    

Description OpenShift BugZilla Robot 2020-11-25 15:45:31 UTC 
+++ This bug was initially created as a clone of Bug #1901604 +++

Description of problem:
CNO code deliberately blocks any changes to Network CRD related to Kuryr configuration. We do not need to enforce that really, we have code that will make sure Kuryr pods are restarted when configuration changes.

Version-Release number of selected component (if applicable):
4.x

How reproducible:
Always

Steps to Reproduce:
1. Try editing defaultNetwork.kuryrConfig on `oc edit networks.operator.openshift.io cluster` (available options are listed here: https://github.com/openshift/openshift-docs/pull/27508/files#diff-43c64724124f82eabd8c2216bf5ae8eae892e97bf5cfb3694b028487d8cc10c8R58-R74)
2. Save the object.
3. Check CNO logs to see it starts to fail the reconciliation.

Actual results:
Changes are not applied to `oc get cm -n openshift-kuryr kuryr-config`

Expected results:
Changes are applied.

Additional info:
Comment 3 rlobillo 2021-02-02 14:16:59 UTC 
Verified on 4.6.0-0.nightly-2021-01-30-211400 over OSP13 (2021-01-20.1) with Amphora provider.

Running this:

$ oc edit networks.operator.openshift.io cluster

And including section kuryrConfig:

spec:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  defaultNetwork:
    kuryrConfig:
      enablePortPoolsPrepopulation: false
      poolBatchPorts: 3
      poolMaxPorts: 7
      poolMinPorts: 1
    type: Kuryr
  logLevel: ""
  serviceNetwork:
  - 172.30.0.0/16

is triggering the CNO reconciliation which is updating the kuryr config accordingly:

$ oc get cm -n openshift-kuryr kuryr-config -o yaml | grep "\[vif_pool\]" -A5
    [vif_pool]
    ports_pool_max = 7
    ports_pool_min = 1
    ports_pool_batch = 3
    ports_pool_update_frequency = 30

kuryr pods remain stable after the change:

$ oc get pods -n openshift-kuryr
NAME                               READY   STATUS    RESTARTS   AGE
kuryr-cni-ggvhk                    1/1     Running   0          101m
kuryr-cni-gkw7x                    1/1     Running   0          103m
kuryr-cni-ls5cr                    1/1     Running   0          102m
kuryr-cni-nqhfs                    1/1     Running   0          101m
kuryr-cni-s87gs                    1/1     Running   0          104m
kuryr-cni-t7tzt                    1/1     Running   0          104m
kuryr-controller-7dbc659d8-nntpv   1/1     Running   0          62m

Tempest tests run successfully with updated parameters.
Comment 5 errata-xmlrpc 2021-02-08 13:50:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.6.16 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:0308