- Bug
- Resolution: Done-Errata
- Major
- None
- 4.14.0
- None
- No
- SDN Sprint 236, SDN Sprint 237, SDN Sprint 238
- 3
- Rejected
- False
Description of problem:
With Cathy's new changes U/S (https://github.com/ovn-org/ovn-kubernetes/pull/3382), the following error occurs when creating a pod:

    Warning FailedCreatePodSandBox 34s (x4 over 7m15s) kubelet (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_testpod-egressip_default_718788ae-687f-4d5d-b0b8-bc778f8717db_0(1667f4965a4827464c26e389257ee24cbb98f6e399a89f007122b177fd3be31d): error adding pod default_testpod-egressip to CNI network "multus-cni-network": plugin type="multus" name="multus-cni-network" failed (add): [default/testpod-egressip/718788ae-687f-4d5d-b0b8-bc778f8717db:ovn-kubernetes]: error adding container to network "ovn-kubernetes": CNI request failed with status 400: '[default/testpod-egressip 1667f4965a4827464c26e389257ee24cbb98f6e399a89f007122b177fd3be31d network default NAD default] [default/testpod-egressip 1667f4965a4827464c26e389257ee24cbb98f6e399a89f007122b177fd3be31d network default NAD default] failed to get pod annotation: timed out waiting for annotations: context deadline exceeded

It was observed that the annotations for IPs and such were not being populated on the pod, e.g.:

    Annotations: v1.multus-cni.io/default-network: default/default

This was because on the ovnkube-master, we get the following error:

    I0426 18:24:20.541951 1 reflector.go:257] Listing and watching *v1beta1.MultiNetworkPolicy from github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/informers/externalversions/factory.go:117
    W0426 18:24:20.543625 1 reflector.go:424] github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/informers/externalversions/factory.go:117: failed to list *v1beta1.MultiNetworkPolicy: multi-networkpolicies.k8s.cni.cncf.io is forbidden: User "system:serviceaccount:openshift-ovn-kubernetes:ovn-kubernetes-controller" cannot list resource "multi-networkpolicies" in API group "k8s.cni.cncf.io" at the cluster scope
    E0426 18:24:20.543651 1 reflector.go:140] github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/informers/externalversions/factory.go:117: Failed to watch *v1beta1.MultiNetworkPolicy: failed to list *v1beta1.MultiNetworkPolicy: multi-networkpolicies.k8s.cni.cncf.io is forbidden: User "system:serviceaccount:openshift-ovn-kubernetes:ovn-kubernetes-controller" cannot list resource "multi-networkpolicies" in API group "k8s.cni.cncf.io" at the cluster scope

There are 2 issues that this points to:

1) We don't have the multi-networkpolicies https://raw.githubusercontent.com/k8snetworkplumbingwg/multi-networkpolicy/master/scheme.yml
2) The ClusterRole openshift-ovn-kubernetes-controller needs to have the RBAC changed to look like the following:

    - apiGroups:
      - k8s.cni.cncf.io
      resources:
      - network-attachment-definitions
      - multi-networkpolicies

These changes should be done in the cluster network operator.
Version-Release number of selected component (if applicable):
4.14.0 (U/S only right now)
How reproducible:
Always
Steps to Reproduce:
See Above
Actual results:
Pods cannot be scheduled.
Expected results:
Pods are able to be scheduled.
Additional info:
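Added example, not part of the original report or of the ovn-kubernetes code: a small parser that pulls RBAC denials out of reflector log lines like the ones quoted above and reports, per service account and resource, only the verbs that were refused, so the ClusterRole can be extended without over-granting. The function names and the shortened sample log are constructed for illustration; the regex assumes the API server's usual `User "…" cannot <verb> resource "…" in API group "…"` wording.

```python
import re
from collections import defaultdict

# Constructed sample: reflector lines shaped like the ovnkube-master output in
# the report, with the informer source path shortened to "factory.go:117".
SAMPLE_LOG = """\
I0426 18:24:20.541951 1 reflector.go:257] Listing and watching *v1beta1.MultiNetworkPolicy from factory.go:117
W0426 18:24:20.543625 1 reflector.go:424] factory.go:117: failed to list *v1beta1.MultiNetworkPolicy: multi-networkpolicies.k8s.cni.cncf.io is forbidden: User "system:serviceaccount:openshift-ovn-kubernetes:ovn-kubernetes-controller" cannot list resource "multi-networkpolicies" in API group "k8s.cni.cncf.io" at the cluster scope
E0426 18:24:20.543651 1 reflector.go:140] factory.go:117: Failed to watch *v1beta1.MultiNetworkPolicy: failed to list *v1beta1.MultiNetworkPolicy: multi-networkpolicies.k8s.cni.cncf.io is forbidden: User "system:serviceaccount:openshift-ovn-kubernetes:ovn-kubernetes-controller" cannot list resource "multi-networkpolicies" in API group "k8s.cni.cncf.io" at the cluster scope
"""

# Shape of the API server's RBAC denial text, cluster- or namespace-scoped.
DENIAL = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)" '
    r'(?:at the cluster scope|in the namespace "(?P<namespace>[^"]+)")'
)


def parse_denials(log_text):
    """Return sorted, de-duplicated (user, namespace, group, resource, verb) tuples."""
    seen = set()
    for match in DENIAL.finditer(log_text):
        seen.add((match["user"], match["namespace"] or "", match["group"],
                  match["resource"], match["verb"]))
    return sorted(seen)


def missing_rules(denials):
    """Map (user, scope, group, resource) to only the verbs that were denied."""
    verbs = defaultdict(set)
    for user, namespace, group, resource, verb in denials:
        verbs[(user, namespace or "<cluster>", group, resource)].add(verb)
    return {key: sorted(value) for key, value in verbs.items()}


if __name__ == "__main__":
    for (user, scope, group, resource), verbs in missing_rules(parse_denials(SAMPLE_LOG)).items():
        print(f"{user} @ {scope}: apiGroups=[{group!r}] resources=[{resource!r}] verbs={verbs}")
```

A reflector lists before it watches, so a log like this one only surfaces the `list` denial; an informer also needs `watch` on the same resource.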