Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: 4.16.0
Affects Version/s: 4.16.0
Component/s: HyperShift / OCP Virtualization
Labels:
None

Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.16.0

SFDC Cases Counter:
SFDC Cases Links:

Description

Description of problem:

When creating an HostedCluster with 'NodePort' service publishing strategy, the VMs (guest nodes) are trying to contact HCP services, such as ignition and oauth. If these services are colocated on the same infra node, they can't be reached via NodePort because the 'virt-launcher' NetworkPolicy is blocking it.
Need to explicitly add access to oauth and ignition-server-proxy pods so they can be reached from the virtual machines on the same node.

Version-Release number of selected component (if applicable):

4.16.0

How reproducible:

Always, if conditions are met

Steps to Reproduce:

    1. As described above
    2.
    3.

Actual results:

VMs are not joining the cluster as nodes if the ignition server is running on the same infra node as the VM.

Expected results:

All VMs are joining the cluster as nodes, and the HostedCluster is eventually Completed and Available

Additional info:

Attachments

Issue Links

links to

openshift/hypershift#3680: OCPBUGS-30301: [kubevirt] Fix virt-launcher netpol to allow missing access

RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update

Activity

People

Assignee:: Oren Cohen

Reporter:: Oren Cohen

QA Contact:: Liangquan Li

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2024/03/06 9:47 AM

Updated:: 2024/03/12 8:11 PM