1968567 – [OVN] Egress router pod not running and openshift.io/scc is restricted

Bug 1968567 - [OVN] Egress router pod not running and openshift.io/scc is restricted

Summary: [OVN] Egress router pod not running and openshift.io/scc is restricted

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	4.8.0
Assignee:	Mohamed Mahmoud
QA Contact:	Weibin Liang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-06-07 14:58 UTC by Weibin Liang
Modified:	2021-07-27 23:12 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-07-27 23:11:53 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
CRD generated POD (7.66 KB, text/plain) 2021-06-08 13:20 UTC, Mohamed Mahmoud	no flags	Details
manual created yaml (6.19 KB, text/plain) 2021-06-08 13:20 UTC, Mohamed Mahmoud	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cluster-network-operator pull 1125	0	None	open	Bug 1968567: egress router CNI command is missing	2021-06-08 15:40:38 UTC
Red Hat Product Errata	RHSA-2021:2438	0	None	None	None	2021-07-27 23:12:11 UTC

Description Weibin Liang 2021-06-07 14:58:19 UTC

Description of problem:

Using EgressRouter CR[1] to create EgressRouter pod, pod is created but not running state, and found openshift.io/scc: restricted when "oc get pod egress-router-cni-deployment-f8c4998d9-jppkn -o yaml"

Before v4.8, we need create NAD and EgressRouter separately, after EgressRouter is Rnning, openshift.io/scc: privileged when "oc get pod egress-router-pod -o yaml"

Not sure the setting for openshift.io/scc will cause EgressRouter pod failed.

Version-Release number of selected component (if applicable):
4.8.0-0.nightly-2021-06-03-221810

How reproducible:
Always

Steps to Reproduce:
1. oc create -f https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/EgressRouter/test2.yaml
2. oc get all
3. oc get pod egress-router-cni-deployment-f8c4998d9-jppkn -o yam

Actual results:
egress-router-cni-deployment-f8c4998d9-jppkn can not be Running

Expected results:
egress-router-cni-deployment-f8c4998d9-jppkn should be in Running state

Additional info:
[1] https://github.com/openshift/egress-router-cni/blob/d9d715819fda56a83b0c52f5ff59741786b3bc63/docs/content/post/cno_controller.md

Comment 1 Mohamed Mahmoud 2021-06-08 13:20:07 UTC

Created attachment 1789379 [details]
CRD generated POD

Comment 2 Mohamed Mahmoud 2021-06-08 13:20:54 UTC

Created attachment 1789380 [details]
manual created yaml

Comment 5 Weibin Liang 2021-06-09 23:38:33 UTC

Tested and verified in 4.8.0-0.nightly-2021-06-09-095212

[weliang@weliang Config]$ oc get all
NAME                                READY   STATUS    RESTARTS   AGE
pod/ovn-egressrouter-redirect-pod   1/1     Running   0          4m48s
pod/test-pod-6686bd4977-4trt5       1/1     Running   0          4m29s
pod/test-pod-6686bd4977-5f4f9       1/1     Running   0          4m29s
pod/test-pod-6686bd4977-5wm2j       1/1     Running   0          4m29s
pod/test-pod-6686bd4977-l2p5q       1/1     Running   0          4m29s
pod/test-pod-6686bd4977-xx4gh       1/1     Running   0          4m29s
pod/test-pod-6686bd4977-zxn4f       1/1     Running   0          4m29s

NAME                                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/ovn-egressrouter-redirect-svc   ClusterIP   172.30.222.10   <none>        80/TCP    4m35s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/test-pod   6/6     6            6           4m30s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/test-pod-6686bd4977   6         6         6       4m30s
[weliang@weliang Config]$

Comment 8 errata-xmlrpc 2021-07-27 23:11:53 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438

Note You need to log in before you can comment on or make changes to this bug.