- Bug
- Resolution: Done-Errata
- Major
- 4.14.0
- None
- Critical
- No
- Rejected
- False
Description of problem:
CNCC failed to assign egressIP to NIC for Azure Workload Identity Cluster. Refer to https://issues.redhat.com/browse/CCO-294
Version-Release number of selected component (if applicable):
4.14.0-0.nightly-2023-08-11-055332
How reproducible:
Always
Steps to Reproduce:
1. Created an Azure Workload Identity Cluster by "workflow-launch cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-tp 4.14" from cluster-bot
2. Configure egressIP
3.
Actual results:
% oc get egressip
NAME         EGRESSIPS      ASSIGNED NODE   ASSIGNED EGRESSIPS
egressip-3   10.0.128.100

% oc get cloudprivateipconfig -o yaml
apiVersion: v1
items:
- apiVersion: cloud.network.openshift.io/v1
  kind: CloudPrivateIPConfig
  metadata:
    annotations:
      k8s.ovn.org/egressip-owner-ref: egressip-3
    creationTimestamp: "2023-08-14T04:41:05Z"
    finalizers:
    - cloudprivateipconfig.cloud.network.openshift.io/finalizer
    generation: 1
    name: 10.0.128.100
    resourceVersion: "65159"
    uid: 2b7b1137-0e2e-46e8-9bca-1176330322a9
  spec:
    node: ci-ln-b4tlp9t-1d09d-2chnb-worker-centralus1-jgqp2
  status:
    conditions:
    - lastTransitionTime: "2023-08-14T04:41:17Z"
      message: 'Error processing cloud assignment request, err: network.InterfacesClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client ''d367c1b8-9f5d-4257-b5c8-363f61af32c2'' with object id ''d367c1b8-9f5d-4257-b5c8-363f61af32c2'' has permission to perform action ''Microsoft.Network/networkInterfaces/write'' on scope ''/subscriptions/d38f1e38-4bed-438e-b227-833f997adf6a/resourceGroups/ci-ln-b4tlp9t-1d09d/providers/Microsoft.Network/networkInterfaces/ci-ln-b4tlp9t-1d09d-2chnb-worker-centralus1-jgqp2-nic''; however, it does not have permission to perform action ''Microsoft.Network/virtualNetworks/subnets/join/action'' on the linked scope(s) ''/subscriptions/d38f1e38-4bed-438e-b227-833f997adf6a/resourceGroups/ci-ln-b4tlp9t-1d09d/providers/Microsoft.Network/virtualNetworks/ci-ln-b4tlp9t-1d09d-2chnb-vnet/subnets/ci-ln-b4tlp9t-1d09d-2chnb-worker-subnet'' or the linked scope(s) are invalid."'
      observedGeneration: 1
      reason: CloudResponseError
      status: "False"
      type: Assigned
    node: ci-ln-b4tlp9t-1d09d-2chnb-worker-centralus1-jgqp2
kind: List
metadata:
  resourceVersion: ""
Expected results:
EgressIP can be assigned to egress node
Additional info:
- blocks
- CCO-294 Update Azure Credentials Request manifest of the Cluster Network Operator to use new API field for requesting permissions
- Closed
- links to
- RHEA-2023:5006 rpm
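
A triage helper for the failure shown under "Actual results", added here as an example (it is not part of the original report or of any OpenShift component): it extracts the missing Azure action and its linked scope from CloudPrivateIPConfig status conditions, so the gap in the workload identity's role can be read off directly. The function names and the sample condition are constructed, and the sample uses placeholder IDs and resource names.

```python
import re

# Shape of the Azure ARM error quoted in the report's CloudPrivateIPConfig
# status condition (matched after YAML decoding, i.e. with single quotes).
_LINKED_AUTH = re.compile(
    r'Code="LinkedAuthorizationFailed".*?'
    r"client '(?P<client>[^']+)'.*?"
    r"has permission to perform action '(?P<granted>[^']+)' "
    r"on scope '(?P<scope>[^']+)'.*?"
    r"does not have permission to perform action '(?P<missing>[^']+)' "
    r"on the linked scope\(s\) '(?P<linked>[^']+)'"
)

def parse_linked_auth_failure(message):
    """Return client, granted/missing actions and scopes as a dict, or None."""
    # Raw YAML single-quoted scalars escape ' as ''; accept both forms.
    m = _LINKED_AUTH.search(message.replace("''", "'"))
    return m.groupdict() if m else None

def missing_actions(conditions):
    """Collect (missing action, linked scope) pairs from failed Assigned conditions."""
    found = set()
    for c in conditions:
        if c.get("type") != "Assigned" or c.get("status") != "False":
            continue
        parsed = parse_linked_auth_failure(c.get("message", ""))
        if parsed:
            found.add((parsed["missing"], parsed["linked"]))
    return sorted(found)

# Constructed sample in the shape of the report's output; all IDs are placeholders.
SAMPLE_CONDITIONS = [{
    "type": "Assigned", "status": "False", "reason": "CloudResponseError",
    "message": (
        "Error processing cloud assignment request, err: "
        "network.InterfacesClient#CreateOrUpdate: Failure sending request: "
        'StatusCode=0 -- Original Error: Code="LinkedAuthorizationFailed" '
        "Message=\"The client '00000000-0000-0000-0000-000000000000' with object id "
        "'00000000-0000-0000-0000-000000000000' has permission to perform action "
        "'Microsoft.Network/networkInterfaces/write' on scope "
        "'/subscriptions/SUB/resourceGroups/RG/providers/Microsoft.Network/networkInterfaces/example-nic'; "
        "however, it does not have permission to perform action "
        "'Microsoft.Network/virtualNetworks/subnets/join/action' on the linked scope(s) "
        "'/subscriptions/SUB/resourceGroups/RG/providers/Microsoft.Network/virtualNetworks/example-vnet/subnets/example-subnet' "
        "or the linked scope(s) are invalid.\""
    ),
}]
```

`missing_actions` takes the `status.conditions` list of one CloudPrivateIPConfig object, for example after loading the output of `oc get cloudprivateipconfig -o json`.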