Hide Forgot
Description of problem: If the security settings on a NIC prevent the enumeration of the NetworkInterfaceReferenceProperties to populate Primary field, then the NIC is not processed, leading to the 'cloud.network.openshift.io/egress-ipconfig' annotation not being applied to a node. In order to overcome this limitation, defaulting to selecting the first NIC in the list, if the lookup based on the primary field has failed and we have a list NICs, would fix this issue. This works well for VMs with only a single NIC. However, in multi-NIC scenarios it is a compromise since we do not really know which one we should be selecting. Version-Release number of selected component (if applicable): $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.10.0-rc.6 True False 29h Cluster version is 4.10.0-rc.6 How reproducible: Always fails if the security restrictions prevent enumeration of the NICs properties, beyond its ID. Steps to Reproduce: Create an ARO cluster (currently creates a OCP 4.9) and upgrade to 4.10.0-rc.6 Actual results: The nodes (masters in the case of ARO) are never annotated with 'cloud.network.openshift.io/egress-ipconfig' information. Expected results: The nodes get the 'cloud.network.openshift.io/egress-ipconfig' annotations with the subnets and IP capacities. Additional info: I have created and linked a PR that fixes the issue for ARO clusters, which uses VMs with single NICs.
tested 4.10.5 -> 4.11.0-0.nightly-2022-03-15-223029 ❯ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.10.5 True True 47m Working towards 4.11.0-0.nightly-2022-03-15-223029: 655 of 777 done (84% complete), waiting on machine-config ❯ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.11.0-0.nightly-2022-03-15-223029 True False 5h45m Cluster version is 4.11.0-0.nightly-2022-03-15-223029 ❯ oc get node dbrahane-2060334-7wdwh-master-0 -o yaml apiVersion: v1 kind: Node metadata: annotations: cloud.network.openshift.io/egress-ipconfig: '[{"interface":"dbrahane-2060334-7wdwh-master-0-nic","ifaddr":{"ipv4":"10.0.0.0/16"},"capacity":{"ip":255}}]' csi.volume.kubernetes.io/nodeid: '{"disk.csi.azure.com":"dbrahane-2060334-7wdwh-master-0"}'
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069