Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-15978

DNSReady is True even dns records failed to be published to public zone

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done-Errata
    • Critical
    • 4.14.0
    • 4.14.0
    • Networking / router
    • None
    • Important
    • No
    • Sprint 239, Sprint 240, Sprint 241, Sprint 242
    • 4
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously, the Ingress Operator did not check status of DNS records in public hosted zones when updating the Operator status.
      This caused the Ingress Operator to report the DNS status as `ready` when there could be errors in DNS records in public hosted zones. Now, the Ingress Operator checks the status of both public and private hosted zones fixing the issue. (link:https://issues.redhat.com/browse/OCPBUGS-15978[*OCPBUGS-15978*])
      Show
      Previously, the Ingress Operator did not check status of DNS records in public hosted zones when updating the Operator status. This caused the Ingress Operator to report the DNS status as `ready` when there could be errors in DNS records in public hosted zones. Now, the Ingress Operator checks the status of both public and private hosted zones fixing the issue. (link: https://issues.redhat.com/browse/OCPBUGS-15978 [* OCPBUGS-15978 *])
    • Bug Fix
    • Done

    Description

      Description of problem:

      when checking the bug https://issues.redhat.com/browse/OCPBUGS-15976, found that the default ingresscontroller DNSReady is True even dns records failed to be published to public zone, the co/ingress doesn't report any error.

      Version-Release number of selected component (if applicable):

      4.14.0-0.nightly-2023-07-05-191022

      How reproducible:

      100%

      Steps to Reproduce:

      1. install Azure cluster configured for manual mode with Azure Workload Identity 

2. check dnsrecords of default-wildcard
$ oc -n openshift-ingress-operator get dnsrecords default-wildcard -oyaml
<---snip--->
  - conditions:
    - lastTransitionTime: "2023-07-10T04:23:55Z"
      message: 'The DNS provider failed to ensure the record: failed to update dns ......
      reason: ProviderError
      status: "False"
      type: Published
    dnsZone:
      id: /subscriptions/xxxxx/resourceGroups/os4-common/providers/Microsoft.Network/dnszones/qe.azure.devcluster.openshift.com

3. Check ingresscontroller status
$ oc -n openshift-ingress-operator get ingresscontroller default -oyaml
<---snip--->
  - lastTransitionTime: "2023-07-10T04:23:55Z"
    message: The record is provisioned in all reported zones.
    reason: NoFailedZones
    status: "True"
    type: DNSReady

4. Check co/ingress status
$ oc get co/ingress
NAME      VERSION                              AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
ingress   4.14.0-0.nightly-2023-07-05-191022   True        False         False      127m    

      Actual results:

      1. DNSReady is True and message shows: The record is provisioned in all reported zones.
2. co/ingress doesn't report any error

      Expected results:

      DNSReady should be False since failed to publish to public zone

      Additional info:

       

      Attachments

        Activity

          People

            mmasters1@redhat.com Miciah Masters
            rhn-support-hongli Hongan Li
            Hongan Li Hongan Li
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: