Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-19955

when disabling ipsec, ds pods are deleted

XMLWordPrintable

    • Important
    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None

      This is a clone of issue OCPBUGS-19918. The following is the description of the original issue:

      Description of problem:

      Issue was found when analyzing  bug https://issues.redhat.com/browse/OCPBUGS-19817
      
      

      Version-Release number of selected component (if applicable):

      4.15.0-0.ci-2023-09-25-165744
      
      

      How reproducible:

      everytime 
      

      Steps to Reproduce:

      The cluster is ipsec cluster and enabled NS extension and ipsec service.
      1.  enable e-w ipsec & wait for cluster to settle
      2.  disable ipsec & wait for cluster to settle
      
      you'll observer ipsec pods are deleted
      
      

      Actual results:

      no pods
      

      Expected results:

      pods should stay
      see https://github.com/openshift/cluster-network-operator/blob/master/pkg/network/ovn_kubernetes.go#L314
      	// If IPsec is enabled for the first time, we start the daemonset. If it is
      	// disabled after that, we do not stop the daemonset but only stop IPsec.
      	//
      	// TODO: We need to do this as, by default, we maintain IPsec state on the
      	// node in order to maintain encrypted connectivity in the case of upgrades.
      	// If we only unrender the IPsec daemonset, we will be unable to cleanup
      	// the IPsec state on the node and the traffic will continue to be
      	// encrypted.
      
      

      Additional info:

      
      

              ykashtan Yuval Kashtan
              openshift-crt-jira-prow OpenShift Prow Bot
              Huiran Wang Huiran Wang
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: