Bug 2034460 - Summary: cloud-network-config-controller does not account for different environment
Summary: Summary: cloud-network-config-controller does not account for different envir...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.10
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.10.0
Assignee: Casey Callendrello
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-12-21 02:05 UTC by Patrick Dillon
Modified: 2022-03-10 16:35 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-10 16:35:34 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cloud-network-config-controller pull 14 0 None open Bug 2034460: cloud-provider: handle advanced AWS and Azure configurations 2022-01-06 10:14:40 UTC
Github openshift cloud-network-config-controller pull 16 0 None open Bug 2034460: Update Azure Authentication for Different Environments 2022-01-17 13:16:10 UTC
Github openshift cluster-network-operator pull 1275 0 None open Bug 2034460: cncc: handle advanced AWS and Azure configurations 2022-01-10 16:25:35 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-10 16:35:49 UTC

Description Patrick Dillon 2021-12-21 02:05:37 UTC
Description of problem: While looking into BZ2034413, I noticed that the authentication code for Azure[0] & AWS[1] will not work for the non-public clouds (e.g. GovCloud, Azure Stack).

If the controller is being deployed on these clouds, and I assume it is because it is being deployed on Azure Stack, it is most likely broken. 


Steps to Reproduce:
Deploy to a non-public AWS or Azure Cloud

Actual results:
controller does not account for different authentication/cannot authenticate

Expected results:
Either don't deploy the controller on non-public clouds (by inspecting the cluster infrastructure object) or use the various authentication methods for these clouds (Installer team can provide examples).


Additional info:
[0]: https://github.com/openshift/cloud-network-config-controller/blob/master/pkg/cloudprovider/aws.go#L41
[1]: https://github.com/openshift/cloud-network-config-controller/blob/master/pkg/cloudprovider/azure.go#L340

Comment 8 zhaozhanqi 2022-01-12 05:59:28 UTC
According to the CI, this issue happen on AWS with STS, So I update the title, please correct me it's not explicit, thanks

Comment 20 zhaozhanqi 2022-01-26 03:31:39 UTC
Trying to deploy or find one ASH cluster for verifying this bug..

Comment 21 zhaozhanqi 2022-01-26 09:50:03 UTC
Verified this bug on 4.10.0-0.nightly-2022-01-24-070025 with ASH cluster


$ oc get pod -n openshift-cloud-network-config-controller
NAME                                               READY   STATUS    RESTARTS   AGE
cloud-network-config-controller-797d96d66b-pjjrh   1/1     Running   0          39h

$ oc get co network
NAME      VERSION                              AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
network   4.10.0-0.nightly-2022-01-24-070025   True        False         False      39h

Comment 24 errata-xmlrpc 2022-03-10 16:35:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056


Note You need to log in before you can comment on or make changes to this bug.