Bug 1968567 - [OVN] Egress router pod not running and openshift.io/scc is restricted
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.8
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Target Release: 4.8.0
Assignee: Mohamed Mahmoud
QA Contact: Weibin Liang
Depends On:
Reported: 2021-06-07 14:58 UTC by Weibin Liang
Modified: 2021-07-27 23:12 UTC

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2021-07-27 23:11:53 UTC
Target Upstream Version:

Attachments
CRD generated POD (7.66 KB, text/plain), 2021-06-08 13:20 UTC, Mohamed Mahmoud
manual created yaml (6.19 KB, text/plain), 2021-06-08 13:20 UTC, Mohamed Mahmoud

System ID Private Priority Status Summary Last Updated
Github openshift cluster-network-operator pull 1125 0 None open Bug 1968567: egress router CNI command is missing 2021-06-08 15:40:38 UTC
Red Hat Product Errata RHSA-2021:2438 0 None None None 2021-07-27 23:12:11 UTC

Description Weibin Liang 2021-06-07 14:58:19 UTC
Description of problem:

Using the EgressRouter CR[1] to create an EgressRouter pod, the pod is created but is not in Running state, and I found openshift.io/scc: restricted in the output of "oc get pod egress-router-cni-deployment-f8c4998d9-jppkn -o yaml".

Before v4.8, we needed to create the NAD and EgressRouter separately; after the EgressRouter is Running, "oc get pod egress-router-pod -o yaml" shows openshift.io/scc: privileged.

Not sure whether the setting for openshift.io/scc causes the EgressRouter pod to fail.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. oc create -f https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/EgressRouter/test2.yaml
2. oc get all
3. oc get pod egress-router-cni-deployment-f8c4998d9-jppkn -o yaml

Actual results:
egress-router-cni-deployment-f8c4998d9-jppkn can not be Running

Expected results:
egress-router-cni-deployment-f8c4998d9-jppkn should be in Running state

Additional info:
[1] https://github.com/openshift/egress-router-cni/blob/d9d715819fda56a83b0c52f5ff59741786b3bc63/docs/content/post/cno_controller.md

Comment 1 Mohamed Mahmoud 2021-06-08 13:20:07 UTC
Created attachment 1789379
CRD generated POD

Comment 2 Mohamed Mahmoud 2021-06-08 13:20:54 UTC
Created attachment 1789380
manual created yaml

Comment 5 Weibin Liang 2021-06-09 23:38:33 UTC
Tested and verified in 4.8.0-0.nightly-2021-06-09-095212

[weliang@weliang Config]$ oc get all
NAME                                READY   STATUS    RESTARTS   AGE
pod/ovn-egressrouter-redirect-pod   1/1     Running   0          4m48s
pod/test-pod-6686bd4977-4trt5       1/1     Running   0          4m29s
pod/test-pod-6686bd4977-5f4f9       1/1     Running   0          4m29s
pod/test-pod-6686bd4977-5wm2j       1/1     Running   0          4m29s
pod/test-pod-6686bd4977-l2p5q       1/1     Running   0          4m29s
pod/test-pod-6686bd4977-xx4gh       1/1     Running   0          4m29s
pod/test-pod-6686bd4977-zxn4f       1/1     Running   0          4m29s

NAME                                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/ovn-egressrouter-redirect-svc   ClusterIP   <none>        80/TCP    4m35s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/test-pod   6/6     6            6           4m30s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/test-pod-6686bd4977   6         6         6       4m30s
[weliang@weliang Config]$

Comment 8 errata-xmlrpc 2021-07-27 23:11:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

