Bug 2004081 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Etcd
Version: 4.6
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.6.z
Assignee: Haseeb Tariq
QA Contact: ge liu
URL:
Whiteboard:
Depends On: 2007448
Blocks:
Reported: 2021-09-14 13:32 UTC by Sam Batschelet
Modified: 2022-08-24 17:14 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2007448 (view as bug list)
Environment:
Last Closed: 2022-08-24 17:14:20 UTC
Target Upstream Version:
Embargoed:



Description Sam Batschelet 2021-09-14 13:32:54 UTC
Description of problem: OCP explicitly does not allow the use of the following reserved address blocks.

2001:db8::/32

192.0.2.0/24

If the render command observes these in the install-config as machineCidr, it should fail and provide a clear message to the admin.

https://github.com/openshift/cluster-kube-apiserver-operator/blob/d6a60b2c18806d69dcf27228aacb830a699126f3/pkg/operator/configobservation/etcdendpoints/observe_etcd_endpoints.go#L72



Version-Release number of selected component (if applicable):


How reproducible: 100%


Steps to Reproduce:
1. create a cluster with machineCidr defined using one of the ranges above
2. cluster will fail to bootstrap because we will skip these endpoints in the observers used by the control-plane operators[1].
3.

Actual results: bootstrap fails for an unknown reason.


Expected results: bootstrap fails as early as possible with a clear message indicating the address range is unsupported.


Additional info:

[1] https://github.com/openshift/cluster-kube-apiserver-operator/blob/d6a60b2c18806d69dcf27228aacb830a699126f3/pkg/operator/configobservation/etcdendpoints/observe_etcd_endpoints.go#L72
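
A sketch of the fail-fast check requested above, added here as an illustration; it is not code from cluster-etcd-operator or from the reporter. The function name `validateMachineCIDRs` is hypothetical, and treating "contains a reserved address" as any overlap between the machine network and a reserved block (subnet, supernet, or exact match) is an assumption.

```go
package main

import (
	"fmt"
	"net/netip"
)

// reservedBlocks holds the two reserved ranges named in this bug report.
var reservedBlocks = []netip.Prefix{
	netip.MustParsePrefix("192.0.2.0/24"),
	netip.MustParsePrefix("2001:db8::/32"),
}

// validateMachineCIDRs is a hypothetical helper: it returns an error for the
// first machine network that is malformed or that overlaps a reserved block,
// so a caller can stop before bootstrap with a message naming the range.
func validateMachineCIDRs(cidrs []string) error {
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return fmt.Errorf("machine network %q is not a valid CIDR: %w", c, err)
		}
		p = p.Masked() // normalise host bits, e.g. 192.0.2.7/24 -> 192.0.2.0/24
		for _, r := range reservedBlocks {
			// Overlaps is true when either prefix contains the other, so a
			// /16 that swallows 192.0.2.0/24 is caught as well as a /25 inside it.
			// Prefixes of different address families never overlap.
			if p.Overlaps(r) {
				return fmt.Errorf("machine network %q overlaps reserved block %s, which is unsupported", c, r)
			}
		}
	}
	return nil
}

func main() {
	// Constructed sample inputs, not taken from a real install-config.
	samples := [][]string{
		{"10.0.0.0/16"},
		{"192.0.2.0/24"},
		{"192.0.0.0/16"},
		{"10.0.0.0/16", "2001:db8:1::/48"},
	}
	for _, s := range samples {
		if err := validateMachineCIDRs(s); err != nil {
			fmt.Println("render would fail:", err)
			continue
		}
		fmt.Println("ok:", s)
	}
}
```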

Comment 5 Scott Dodson 2022-08-24 17:14:20 UTC
With no customer cases attached and fixes having made it no further than 4.9 I'm going ahead and closing this as it's unlikely that we're on track to close this before 4.6 EOL.

