-
Bug
-
Resolution: Done-Errata
-
Undefined
-
4.14.z, 4.15.z, 4.16.0
-
No
-
False
-
This is a clone of issue OCPBUGS-26977. The following is the description of the original issue:
—
Description of problem:
When using a custom CNI plugin in a hostedcluster, multus requires some CSRs to be approved. The component approving these CSRs is the network-node-identity. This component only gets the proper RBAC rules configured when networkType is set to Calico. In the current implementation, there is an condition that will apply the required RBAC if the networkType is set to Calico[1]. When using other CNI plugins, like Cilium, you're supposed to set networkType to Other. With current implementation, you won't get the required RBAC in place and as such, the required CSRs won't be approved automatically. [1] https://github.com/openshift/hypershift/blob/release-4.14/control-plane-operator/controllers/hostedcontrolplane/cno/clusternetworkoperator.go#L139
Version-Release number of selected component (if applicable):
Latest
How reproducible:
Always
Steps to Reproduce:
1. Set hostedcluster.spec.networking.networkType to Other 2. Wait for the HC to start deploying and for the Nodes to join the cluster 3. The nodes will remain in NotReady. Multus pods will complaing about certificates not being ready. 4. If you list CSRs you will find pending CSRs.
Actual results:
RBAC not properly configured when networkType set to Other
Expected results:
RBAC properly configured when networkType set to Other
Additional info:
Slack discussion: https://redhat-internal.slack.com/archives/C01C8502FMM/p1704824277049609
- clones
-
OCPBUGS-26977 Required RBAC for network-node-identity is not created when hosted cluster networkType is set to Other.
- Closed
- is blocked by
-
OCPBUGS-28235 Required RBAC for network-node-identity is not created when hosted cluster networkType is set to Other.
- Closed
- links to
-
RHBA-2024:0642 OpenShift Container Platform 4.14.z bug fix update