Version: 4.11 dev Platform: OpenStack Please specify: IPI What happened? Installer orphans FIPs created for LoadBalancer Services. The LBs are deleted just fine. What did you expect to happen? FIP to get deleted too. How to reproduce it (as minimally and precisely as possible)? Install, create LoadBalancer Service, note the FIP ID. Then destroy the cluster and check if FIP got deleted. It should, but it won't.
Verified in 4.11.0-0.nightly-2022-06-14-172335 on top of OSP 16.1.6. Verification steps: 1. Install OCP 4.11 with Kuryr networkType $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.11.0-0.nightly-2022-06-14-172335 True False 7h37m Cluster version is 4.11.0-0.nightly-2022-06-14-17233 2. Create a LB type service $ cat <<EOF | oc apply -f - --- apiVersion: project.openshift.io/v1 kind: Project metadata: name: bz2093368-ns labels: kubernetes.io/metadata.name: bz2093368-ns --- apiVersion: apps/v1 kind: Deployment metadata: name: bz2093368-dep namespace: bz2093368-ns labels: app: bz2093368-dep spec: replicas: 2 selector: matchLabels: app: bz2093368-dep template: metadata: labels: app: bz2093368-dep spec: securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault containers: - image: quay.io/kuryr/demo securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL name: demo --- apiVersion: v1 kind: Service metadata: name: bz2093368-svc namespace: bz2093368-ns labels: app: bz2093368-dep spec: ports: - port: 80 targetPort: 8080 selector: app: bz2093368-dep type: LoadBalancer EOF 3. Wait until the LB and svc are created $ oc get svc -A NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE [...] bz2093368-ns bz2093368-svc LoadBalancer 172.30.246.152 10.0.0.181 80:32198/TCP 90s $ openstack loadbalancer list +--------------------------------------+----------------------------+----------------------------------+----------------+---------------------+----------+ | id | name | project_id | vip_address | provisioning_status | provider | +--------------------------------------+----------------------------+----------------------------------+----------------+---------------------+----------+ [...] | a4a47f48-8bd6-4d19-8180-cbd82a15c148 | bz2093368-ns/bz2093368-svc | 42a001f17da442e9a0e894a1a7052603 | 172.30.246.152 | ACTIVE | ovn | +--------------------------------------+----------------------------+----------------------------------+----------------+---------------------+----------+ $ openstack floating ip list #note the LB type svc FIP (id:6e9d6c27-9b4f-4c8e-b628-179ac1aaca86, fip:10.0.0.181) +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+ | ID | Floating IP Address | Fixed IP Address | Port | Floating Network | +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+ | 6e9d6c27-9b4f-4c8e-b628-179ac1aaca86 | 10.0.0.181 | 172.30.246.152 | f34a7a44-bf5a-4c1d-a891-9a9e96c44ddd | 4634cf2c-056f-4dee-98de-6b4e68b7af5b | | 7c55fdd3-f102-4508-bc57-29745fe8f9c3 | 10.0.0.202 | 10.196.0.7 | dd707f2e-b504-4dc7-a03b-36d5c28b40d8 | 4634cf2c-056f-4dee-98de-6b4e68b7af5b | | b395ff0e-9fb6-424e-addd-e99e12bcc988 | 10.0.0.232 | 10.196.0.5 | 154a135d-d983-4983-964e-b830b16f16c7 | 4634cf2c-056f-4dee-98de-6b4e68b7af5b | +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+ 4. Check connectivity to the service $ curl 10.0.0.181 bz2093368-dep-64bc765fb6-xcqgl: HELLO! I AM ALIVE!!! $ curl 10.0.0.181 bz2093368-dep-64bc765fb6-vzjwg: HELLO! I AM ALIVE!!! 5. Destroy the cluster and check the LB fip does not exist $ openshift-install destroy cluster --dir=<dir> [...] time="2022-06-16T02:13:25-04:00" level=debug msg="Deleting Floating IP \"6e9d6c27-9b4f-4c8e-b628-179ac1aaca86\"" [...] time="2022-06-16T02:16:50-04:00" level=info msg="Time elapsed: 3m28s" $ openstack floating ip list +--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+ | ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project | +--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+ | 7c55fdd3-f102-4508-bc57-29745fe8f9c3 | 10.0.0.202 | None | None | 4634cf2c-056f-4dee-98de-6b4e68b7af5b | 42a001f17da442e9a0e894a1a7052603 | | b395ff0e-9fb6-424e-addd-e99e12bcc988 | 10.0.0.232 | None | None | 4634cf2c-056f-4dee-98de-6b4e68b7af5b | 42a001f17da442e9a0e894a1a7052603 | +--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069