Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-16189

Dual-Stack Hosted Cluster: IPv6 should not be the default pod/service network IPFamily

    XMLWordPrintable

Details

    • No
    • Hypershift Sprint 242, Hypershift Sprint 243, Hypershift Sprint 244, Hypershift Sprint 245, Hypershift Sprint 246, Hypershift Sprint 247
    • 6
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, when deploying a hosted cluster by using a dual stack networking, by default, the `clusterIP` field was set to an IPv6 network instead of an IPv4 network. With this update, when deploying a hosted cluster by using a dual stack networking, the `clusterIP` field is set to IPv4 network by default. (link:https://issues.redhat.com/browse/OCPBUGS-16189[*OCPBUGS-16189*])
      Show
      * Previously, when deploying a hosted cluster by using a dual stack networking, by default, the `clusterIP` field was set to an IPv6 network instead of an IPv4 network. With this update, when deploying a hosted cluster by using a dual stack networking, the `clusterIP` field is set to IPv4 network by default. (link: https://issues.redhat.com/browse/OCPBUGS-16189 [* OCPBUGS-16189 *])
    • Bug Fix
    • Done

    Description

      Description of problem:

      When deploying a dual stack HostedCluster the user can define networks like this:


  networking:
    clusterNetwork:      
    - cidr: fd01::/48             
      hostPrefix: 64
    - cidr: 10.132.0.0/14
      hostPrefix: 23
    networkType: OVNKubernetes             
    serviceNetwork:          
    - cidr: fd02::/112
    - cidr: 172.31.0.0/16

This will led to missconfiguration on the hosted cluster where services will have its ClusterIP set to IPv6 family (pod network will still default to IPv4 no matter what the order was).

When deployin a dualstack cluster with the openshift-install binary there is a validation in place that will prevent users from configuring default IPv6 networks when deploying dual-stack clusters:

ERROR failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: invalid "install-config.yaml" file: [networking.serviceNetwork: Invalid value: "fd02::/112, 172.30.0.0/16": IPv4 addresses must be listed before IPv6 addresses, networking.clusterNetwork: Invalid value: "fd01::/48, 10.132.0.0/14": IPv4 addresses must be listed before IPv6 addresses]

ERROR failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: invalid "install-config.yaml" file: networking.clusterNetwork: Invalid value: "fd01::/48, 10.132.0.0/14": IPv4 addresses must be listed before IPv6 addresses     

HyperShift should detect this and either block the cluster creation or swap the order so the cluster gets created with default IPv4 networks.

      Version-Release number of selected component (if applicable):

      latest

      How reproducible:

      Always

      Steps to Reproduce:

      1. Deploy a HC with the networking settings specified and using the image with dual stack patches included quay.io/jparrill/hypershift:OCPBUGS-15331-mix-413v12

      Actual results:

      Cluster gets deployed with default IPv6 family for services network.

      Expected results:

      Cluster creation gets blocked OR cluster gets deployed with default IPv4 family for services network.

      Additional info:

       

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-20180 Dual-Stack Hosted Cluster: IPv6 should not be the default pod/service network IPFamily

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          is blocked by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-27238 Ironic agent inspection fails

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • New
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-20180 Dual-Stack Hosted Cluster: IPv6 should not be the default pod/service network IPFamily

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          GitHub openshift/hypershift#3047: OCPBUGS-19746, OCPBUGS-16189: Added network validations

          GitHub openshift/hypershift#3080: [release-4.14] OCPBUGS-19746, OCPBUGS-16189: Added network validations

          Web Link RHEA-2023:7198 rpm

          mentioned on

          GitLab Merge request - Bump IBM integration to our latest prod image.

          Activity

            People

              jparrill@redhat.com Juan Manuel Parrilla Madrid
              mavazque@redhat.com Mario Vazquez Cebrian
              Liangquan Li Liangquan Li
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: