In 1.20 kube-proxy now expects to use EndpointSlice rather than Endpoints by default, so we need to update the RBAC config for standalone kube-proxy to have permission to read that.
(Or alternatively we could update the config to force it to not use EndpointSlice, but we don't want to do that.)
Verified this bug on 4.7.0-0.nightly-2021-01-04-215816
doh, this was implemented wrong
@zhaoazhanqi does QE test Calico or any other other third-party network plugins at all? For the moment, that's the only reliable way of testing that this fix really works. (It has no effect when using openshift-sdn, ovn-kubernetes, or kuryr.)
(I'll test it better myself this time before it merges though...)
Making this blocker+ since it completely breaks most third-party network plugins.
OK, so actually it looks like this was the last piece needed to get hacked-openshift-sdn-with-standalone-kube-proxy to work. So, you could test by doing "openshift-install create manifests", and then adding this to the manifests/ dir before doing "create cluster":
Then you can confirm that the cluster comes up with a standalone kube-proxy (pods in -n openshift-kube-proxy), and everything still works.
Thanks Dan. I should misunderstanding this bug.
I try to setup the Calico cluster this time with 4.7.0-0.nightly-2021-01-06-012750, it works well
[root@preserve-zzhao calico]# oc get network -o yaml | grep -i networktype:
[root@preserve-zzhao calico]# oc get pod -n openshift-kube-proxy
NAME READY STATUS RESTARTS AGE
openshift-kube-proxy-4dhvp 2/2 Running 0 76m
openshift-kube-proxy-f8v7m 2/2 Running 0 64m
openshift-kube-proxy-h7bvm 2/2 Running 0 65m
openshift-kube-proxy-jz7cz 2/2 Running 0 76m
openshift-kube-proxy-pczgz 2/2 Running 0 76m
openshift-kube-proxy-tl6wf 2/2 Running 0 65m
Move this bug to Verified.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.