Description of problem: There is a cache de-synchronization in ovnkube-master when restarting. All previously performed allocations are not populated in the internal cache which manages egress IP assignments, allowing for invalid assignments to be performed when ovnkube-master has restarted. An example of this is assigning the same egress IP to a second EgressIP object after ovnkube-master has restarted. This should not be allowed in the normal case, but is however enabled due to this problem. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Create namespace "test" 3. Create an EgressIP "egressip-test" object matching namespace "test" with IP X 4. Restart ovnkube-master (or the current leader in an HA deployment) 5. Create a namespace "test2" 6. Create a EgressIP "egressip-test2" object matching namespace "test2" with IP X Actual results: IP X is assigned to "egressip-test2" Expected results: IP X should not be assigned to "egressip-test2" and instead trigger an event indicating: "NoMatchingNodeFound" Additional info:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056