Details
-
Bug
-
Resolution: Done-Errata
-
Undefined
-
4.14
-
Important
-
No
-
Hypershift Sprint 238, Hypershift Sprint 239, Hypershift Sprint 240, Hypershift Sprint 241, Hypershift Sprint 242, Hypershift Sprint 243
-
6
-
Proposed
-
False
-
Description
Description of problem:
Installing a 4.14 self-managed hosted cluster on a dual-stack hub with the "hypershift create cluster agent" command. The logs of the hypershift operator pod show a bunch of these errors:
{"level":"error","ts":"2023-06-08T13:36:26Z","msg":"Reconciler error","controller":"hostedcluster","controllerGroup":"hypershift.openshift.io","controllerKind":"HostedCluster","hostedCluster":{"name":"hosted-0","namespace":"clusters"},"namespace":"clusters","name":"hosted-0","reconcileID":"a0a0f44f-7bbe-499f-95b0-e24b793ee48c","error":"failed to reconcile network policies: failed to reconcile kube-apiserver network policy: NetworkPolicy.extensions \"kas\" is invalid: spec.egress[1].to[0].ipBlock.except[1]: Invalid value: \"fd01::/48\": must be a strict subset of `cidr`","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:273\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:234"}
The hostedcluster CR is showing the same ReconciliationError. Note that the networking section in the hostedcluster CRD created by the "hypershift create cluster agent" command has ipv4 CIDR:
networking:
clusterNetwork:
- cidr: 10.132.0.0/14
networkType: OVNKubernetes
serviceNetwork:
- cidr: 172.31.0.0/16
while services have ipv6 nodeport addresses.
Version-Release number of selected component (if applicable):
$ oc version Client Version: 4.14.0-0.nightly-2023-06-05-112833 Kustomize Version: v4.5.7 Server Version: 4.14.0-0.nightly-2023-06-05-112833 Kubernetes Version: v1.27.2+cc041e8
How reproducible:
100%
Steps to Reproduce:
1. Install 4.14 OCP dual-stuck BM hub cluster 2. Install MCE 2.4 and Hypershift operator 3. Install hosted cluster with "hypershift create cluster agent" command
Actual results:
hosted cluster CR shows ReconciliationError: - lastTransitionTime: "2023-06-08T10:55:33Z" message: 'failed to reconcile network policies: failed to reconcile kube-apiserver network policy: NetworkPolicy.extensions "kas" is invalid: spec.egress[1].to[0].ipBlock.except[1]: Invalid value: "fd01::/48": must be a strict subset of `cidr`' observedGeneration: 2 reason: ReconciliationError status: "False" type: ReconciliationSucceeded
Expected results:
ReconciliationSucceeded condition should be True
Additional info:
Logs and CRDs produced by the failed job: https://s3.upshift.redhat.com/DH-PROD-OCP-EDGE-QE-CI/ocp-spoke-assisted-operator-deploy/8044/post-mortem.zip
Attachments
Issue Links
- blocks
-
OCPSTRAT-373 Support IPv6 Hosted Cluster Deployments with HyperShift
-
- Closed
-
- relates to
-
-
- Closed
-
- links to
-
RHSA-2023:5006
OpenShift Container Platform 4.14.z security update
- mentioned on
