This is a follow up from bug 2029742. When new pods that are expected to have egressip nat and lrpolicies are created while ovn-k master is down, they remain missing, even after ovn-k8 is started.

Steps to Reproduce:

1. Label one node as egress node

2. Create egressip object

    oc get egressip -o yaml
    ....
    spec:
      egressIPs:
      - 172.31.249.117
      namespaceSelector:
        matchLabels:
          org: pm
      podSelector: {}
    status:
      items:
      - egressIP: 172.31.249.117
        node: compute-0
    ....

3. Create ns ds36l and 10 pods in it, label org=pm to the namespace

4. Scale the CNO to 0

    oc scale deployment network-operator -n openshift-network-operator --replicas 0

5. Delete ovnkube-master ds. Scale test pods replicas to 20

6. Scale the CNO to 1

    oc scale deployment network-operator -n openshift-network-operator --replicas 1
    deployment.apps/network-operator scaled

7. Check lr-policy-list and snat

    ovn-nbctl lr-policy-list ovn_cluster_router | grep "100 "

8. Nat rules are also not correct. They should have been added for the new pods that were started while ovn-k8 was down.

    sh-4.4# ovn-nbctl --format=csv --no-heading find nat external_ids:name=egressip

Actual results: lr-policy-list and snat rules are not added for the new pod instances.

Expected results: No stale lr-policy-list and snat rules, and accounting for all the ones running.
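The comparison in steps 7 and 8 can be scripted so that missing and stale entries are listed per pod IP. This is an added example, not part of the original report or of ovn-kubernetes; the function names, the sample pod IPs and next hops, and the assumed input shapes (`lr-policy-list` rows of the form `100 ip4.src == <pod IP> reroute <next hop>`, and NAT rows exported with `--columns=logical_ip,external_ip`) are assumptions.

```python
import csv
import io
import re

# Assumed row shape: "100  ip4.src == 10.128.2.10  reroute  100.64.0.3"
POLICY_RE = re.compile(r"^\s*(\d+)\s+ip4\.src == (\S+)\s+reroute\s+\S+")


def policy_sources(lr_policy_text, priority=100):
    """Pod IPs that have a reroute policy at the egress IP priority."""
    found = set()
    for line in lr_policy_text.splitlines():
        m = POLICY_RE.match(line)
        if m and int(m.group(1)) == priority:
            found.add(m.group(2))
    return found


def snat_sources(nat_csv_text, egress_ip):
    """Pod IPs (logical_ip) that have an SNAT row to egress_ip."""
    rows = csv.reader(io.StringIO(nat_csv_text))
    cleaned = ([c.strip('"') for c in r] for r in rows if len(r) == 2)
    return {logical for logical, external in cleaned if external == egress_ip}


def audit(pod_ips, lr_policy_text, nat_csv_text, egress_ip):
    """Compare running pod IPs against both kinds of OVN rows."""
    want = set(pod_ips)
    report = {}
    for name, have in (("lr_policy", policy_sources(lr_policy_text)),
                       ("snat", snat_sources(nat_csv_text, egress_ip))):
        report[name] = {"missing": sorted(want - have),
                        "stale": sorted(have - want)}
    return report


# Constructed sample data, not taken from the bug report.
PODS = ["10.128.2.10", "10.128.2.11", "10.128.2.12"]
LR_POLICIES = """Routing Policies
       101 ip4.src == 10.128.0.0/14 && ip4.dst == 10.128.0.0/14  allow
       100 ip4.src == 10.128.2.10  reroute  100.64.0.3
       100 ip4.src == 10.128.2.99  reroute  100.64.0.3
"""
NAT_CSV = """10.128.2.10,172.31.249.117
10.128.2.99,172.31.249.117
"""

if __name__ == "__main__":
    print(audit(PODS, LR_POLICIES, NAT_CSV, "172.31.249.117"))
```

On a live cluster the pod IP list would come from the pods in the namespace matched by the egressip selector (ds36l in this report), and a non-empty `missing` list after ovnkube-master restarts corresponds to the behaviour reported here.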
Fixed in https://github.com/openshift/ovn-kubernetes/pull/947/commits/0a2fee424ec84a4af3a47af47d8554d2b04fcb0c
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069