Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: 4.15.0
Affects Version/s: 4.14
Component/s: Networking / ovn-kubernetes
Labels:
None

Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
Cause: When there is an error reconciling an Admin Policy Based External Route CR for the first time
Consequence: The CR's Status field will fail to update
Fix: Ensure that the `LastTransitionTime` field is always initialized when updating the status.
Result: The Admin Policy Based External Route Status is updated in both success and failure during its first reconciliation.

Show
Cause: When there is an error reconciling an Admin Policy Based External Route CR for the first time Consequence: The CR's Status field will fail to update Fix: Ensure that the `LastTransitionTime` field is always initialized when updating the status. Result: The Admin Policy Based External Route Status is updated in both success and failure during its first reconciliation.
Release Note Type:
Bug Fix
Release Note Status:
In Progress
Target Version:

4.15.0

SFDC Cases Counter:
SFDC Cases Links:

Description of problem:

On the prerelease doc Configure a secondary external gateway, on stop 3. we state the output of said command should confirm the admin policy has been created:

#oc describe apbexternalroute <name> | tail -n 6

First of all this is a typo there is no "apbexternalroute", the correct term is "adminpolicybasedexternalroutes", even if we use the correct term, the resulting output is almost not relevant as per the status of said policy, it just reports on the policy it's self and well some minor details like time and so on.

Version-Release number of selected component (if applicable):

4.14.0-0.nightly-2023-10-04-143709

How reproducible:

Every time

Steps to Reproduce:

1. Deploy a cluster
2. Boot up a pod under a namespace
3. $ cat 4.create.abp_static_bar1.yaml  later apply said policy
apiVersion: k8s.ovn.org/v1
kind: AdminPolicyBasedExternalRoute
metadata:
  name: first-policy
spec:
## gateway example
  from:
    namespaceSelector:
      matchLabels:
          kubernetes.io/metadata.name: bar
  nextHops:       
    static:
      - ip: "173.20.0.8"
      - ip: "173.20.0.9"
4. confirm policy in place: $ oc getadminpolicybasedexternalroutes.k8s.ovn.org 
NAME           LAST UPDATE   STATUS
first-policy   

5. But wow do we test the policies status? 
The doc's guide doesn't help much:  $ oc describeadminpolicybasedexternalroutes.k8s.ovn.org <name> | tail -n 6 

$ oc describe adminpolicybasedexternalroutes.k8s.ovn.org first-policy 
Name:         first-policy
Namespace:    
Labels:       <none>
Annotations:  <none>
API Version:  k8s.ovn.org/v1
Kind:         AdminPolicyBasedExternalRoute
Metadata:
  Creation Timestamp:  2023-10-30T20:09:20Z
  Generation:          1
  Resource Version:    10904672
  UID:                 3c4a60da-a618-45b1-94a8-2085dcdc5631
Spec:
  From:
    Namespace Selector:
      Match Labels:
        kubernetes.io/metadata.name:  bar
  Next Hops:
    Static:
      Bfd Enabled:  false
      Ip:           173.20.0.8
      Bfd Enabled:  false
      Ip:           173.20.0.9
Events:             <none>
 

Noting regarding policy status shows up, if this is even supported at all, other than fixing the doc, if there is a way to view the status it should be documented. One more thing if there is indeed a policy status shouldn't it also populate the status column here:

$ oc get adminpolicybasedexternalroutes.k8s.ovn.org 
NAME           LAST UPDATE   STATUS
first-policy                   ^ 

Asking as on another bug https://issues.redhat.com/browse/OCPBUGS-22706, I recreated a situation where the status should have reported an error yet it never did nor does it update the above table, come to think of it the last update column too has never exposed any data either, in which case why do we even have these two columns to begin with?

Actual results:

Expected results:

Additional info:

causes

SDN-4149 Add StatusManager to CM, update APBRoute status

Closed

depends on

OCPBUGS-24650 AdminPolicyBasedExternalRoute status.Status is not updated

Verified

is cloned by

OCPBUGS-24320 [4.14] Can we view status of an adminbased external route policy, if so then how/where?

Closed

is depended on by

OCPBUGS-24320 [4.14] Can we view status of an adminbased external route policy, if so then how/where?

Closed

is related to

OCPBUGS-22706 Targeting a namespace with a second AdminPolicyBasedExternalRoute isn't blocked/reported as an error.

Closed

links to

APB: Ensure last transition time is always updated in status regardless of success or failure

OCPBUGS-21773: Downstream Merge 22nd November 2023

openshift/cluster-network-operator#2139: OCPBUGS-22710: Add apbroute/status patch rights for ovnkube-node to update status

openshift/cluster-network-operator#2149: SDN-4308,OCPBUGS-22710: Set enable-multi-external-gateway flag in ovnkube.conf

openshift/cluster-network-operator#2158: [release-4.15] OCPBUGS-22710: Set enable-multi-external-gateway flag in ovnkube.conf

RHSA-2023:7198 OpenShift Container Platform 4.15 security update

(6 links to)

Assignee:: Jordi Gil

Reporter:: Tzach Shefi

QA Contact:: Qiong Wang

Contributors:: Nadia Pinaeva

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2023/10/30 8:31 PM

Updated:: 2024/02/27 9:05 PM

Resolved:: 2024/02/27 9:05 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates