Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-12800

Multi-homing support in OVN-K requires new CRD


    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • None
    • 4.14.0
    • None
    • No
    • SDN Sprint 236, SDN Sprint 237, SDN Sprint 238
    • 3
    • Rejected
    • False
    • Hide



      Description of problem:

      With Cathy's new changes U/S
      When creating a pod the following error occurs:
        Warning  FailedCreatePodSandBox  34s (x4 over 7m15s)  kubelet  (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_testpod-egressip_default_718788ae-687f-4d5d-b0b8-bc778f8717db_0(1667f4965a4827464c26e389257ee24cbb98f6e399a89f007122b177fd3be31d): error adding pod default_testpod-egressip to CNI network "multus-cni-network": plugin type="multus" name="multus-cni-network" failed (add): [default/testpod-egressip/718788ae-687f-4d5d-b0b8-bc778f8717db:ovn-kubernetes]: error adding container to network "ovn-kubernetes": CNI request failed with status 400: '[default/testpod-egressip 1667f4965a4827464c26e389257ee24cbb98f6e399a89f007122b177fd3be31d network default NAD default] [default/testpod-egressip 1667f4965a4827464c26e389257ee24cbb98f6e399a89f007122b177fd3be31d network default NAD default] failed to get pod annotation: timed out waiting for annotations: context deadline exceeded
      It was observed that the annotations for IPs and such were not being population on the pod, E.g.
        Annotations:      v1.multus-cni.io/default-network: default/default 
      This was because on the ovnkube-master, we get the following error:
      I0426 18:24:20.541951       1 reflector.go:257] Listing and watching *v1beta1.MultiNetworkPolicy from github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/informers/externalversions/factory.go:117  
      W0426 18:24:20.543625       1 reflector.go:424] github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/informers/externalversions/factory.go:117: failed to list *v1beta1.MultiNetworkPolicy: multi-networkpolicies.k8s.cni.cncf.io is forbidden: User "system:serviceaccount:openshift-ovn-kubernetes:ovn-kubernetes-controller" cannot list resource "multi-networkpolicies" in API group "k8s.cni.cncf.io" at the cluster scope
      E0426 18:24:20.543651       1 reflector.go:140] github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/informers/externalversions/factory.go:117: Failed to watch *v1beta1.MultiNetworkPolicy: failed to
      list *v1beta1.MultiNetworkPolicy: multi-networkpolicies.k8s.cni.cncf.io is forbidden: User "system:serviceaccount:openshift-ovn-kubernetes:ovn-kubernetes-controller" cannot list resource "multi-networkpolicies" in API group "k8s.cni.cncf.io" at the cluster scope
      There are 2 issues that this points to:
      1) We don't have the multi-networkpolicies https://raw.githubusercontent.com/k8snetworkplumbingwg/multi-networkpolicy/master/scheme.yml
      2) The ClusterRole openshift-ovn-kubernetes-controller needs to have the RBAC changed to look like the following:
      - apiGroups:
        - k8s.cni.cncf.io
        - network-attachment-definitions
        - multi-networkpolicies
      These changes should be done in the cluster network operator.

      Version-Release number of selected component (if applicable):

      4.14.0 (U/S only right now)

      How reproducible:


      Steps to Reproduce:

      See Above

      Actual results:

      Pods cannot be schedule.

      Expected results:

      Pods are able to be scheduled.

      Additional info:


            jcaamano@redhat.com Jaime Caamaño Ruiz
            wizhao@redhat.com William Zhao
            Weibin Liang Weibin Liang
            Salvatore Daniele
            0 Vote for this issue
            5 Start watching this issue