Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-19955

when disabling ipsec, ds pods are deleted


    • Important
    • No
    • Rejected
    • False
    • Hide



      This is a clone of issue OCPBUGS-19918. The following is the description of the original issue:

      Description of problem:

      Issue was found when analyzing  bug https://issues.redhat.com/browse/OCPBUGS-19817

      Version-Release number of selected component (if applicable):


      How reproducible:


      Steps to Reproduce:

      The cluster is ipsec cluster and enabled NS extension and ipsec service.
      1.  enable e-w ipsec & wait for cluster to settle
      2.  disable ipsec & wait for cluster to settle
      you'll observer ipsec pods are deleted

      Actual results:

      no pods

      Expected results:

      pods should stay
      see https://github.com/openshift/cluster-network-operator/blob/master/pkg/network/ovn_kubernetes.go#L314
      	// If IPsec is enabled for the first time, we start the daemonset. If it is
      	// disabled after that, we do not stop the daemonset but only stop IPsec.
      	// TODO: We need to do this as, by default, we maintain IPsec state on the
      	// node in order to maintain encrypted connectivity in the case of upgrades.
      	// If we only unrender the IPsec daemonset, we will be unable to cleanup
      	// the IPsec state on the node and the traffic will continue to be
      	// encrypted.

      Additional info:


            ykashtan Yuval Kashtan
            openshift-crt-jira-prow OpenShift Prow Bot
            Huiran Wang Huiran Wang
            0 Vote for this issue
            7 Start watching this issue