When setting provisioningNetworkCIDR in install config, not using the 0th address in the range can result in the wrong ProvisioningIP being set. This is because of a bug in apparentlymart/go-cidr , is it calculates the IP address with a bitwise OR without masking. ProvisioningNetworkCIDR := ipnet.MustParseCIDR("172.22.0.0/24"); ip, _ := cidr.Host(&ProvisioningNetworkCIDR.IPNet, 2); fmt.Println(ip); results in 172.22.0.2 ProvisioningNetworkCIDR := ipnet.MustParseCIDR("172.22.0.1/24"); ip, _ := cidr.Host(&ProvisioningNetworkCIDR.IPNet, 2); fmt.Println(ip); results in 172.22.0.3
(In reply to Derek Higgins from comment #0) > This is because of a bug in apparentlymart/go-cidr , is it calculates the IP > address with a bitwise OR without masking. The bitwise OR works in go-cidr as it expects the net.IPNet passed into it to be from ParseCIDR, we use MustParseCIDR which returns a HostIP/MaskLen A change in this behaviour has already been submitted upstream https://github.com/apparentlymart/go-cidr/pull/15 (see ip = ip.Mask(mask) ) This hasn't been reviewed in some time, so in the meantime I've submitted a PR to validate the CIDR
verified on 4.10.0-0.nightly-2021-10-31-210828
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056