-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
Incidents & Support
-
0.42
-
False
-
-
False
-
None
-
Critical
-
None
Description of problem:
Managed Openshift on IBM Cloud (ROKS) 4.20 (=OCP 4.20) is not able to install and run OCP Virt properly. There are new network policies introduced, which prevents certain required network flows, which are different between normal OCP and hypershift hosted clusters.
Version-Release number of selected component (if applicable):
CNV 4.20.1
How reproducible:
Steps to Reproduce:
1. Install hypershift hosted cluster, for example ROKS 4.20. 2. Apply workarounds to a similar issue with OLM (https://issues.redhat.com/browse/OCPBUGS-66980). Workaround can be to add a custom networkpolicy to `openshift-marketplace` that allows everything in and out. 3. Install OCP Virt 4.20.1 with its default settings.
Actual results:
Error 1: Virt-template validator is not able to call Kube API (see attached screenshot). Workaround can be to add a custom networkpolicy to `openshift-cnv` that allows egress 2040 (Kube API proxy port on the nodes). Error 2: Konnectivity is not able to connect to the webhook services in `openshift-cnv`, when webhooks are invoked during VM creation. Workaround can be to add a custom networkpolicy to `openshift-cnv` that allows ingress 8443 (webhook port). Error 3: Once Konnectivity is allowed with a custom NetworkPolicy, VMs can be created, but console (both VNC and serial) is still blocked.
Expected results:
OCP Virt works similarly as with up to 4.20.0.
Additional info:
There might be other functions which are broken as well, I just figured out the basic VM creation.
