Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: 4.16.0
Affects Version/s: 4.16.0
Component/s: HyperShift / OCP Virtualization
Labels:
None

Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Type:
Release Note Not Required
Release Note Status:
In Progress
Target Version:

4.16.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

When creating an HostedCluster with 'NodePort' service publishing strategy, the VMs (guest nodes) are trying to contact HCP services, such as ignition and oauth. If these services are colocated on the same infra node, they can't be reached via NodePort because the 'virt-launcher' NetworkPolicy is blocking it.
Need to explicitly add access to oauth and ignition-server-proxy pods so they can be reached from the virtual machines on the same node.

Version-Release number of selected component (if applicable):

4.16.0

How reproducible:

Always, if conditions are met

Steps to Reproduce:

    1. As described above
    2.
    3.

Actual results:

VMs are not joining the cluster as nodes if the ignition server is running on the same infra node as the VM.

Expected results:

All VMs are joining the cluster as nodes, and the HostedCluster is eventually Completed and Available

Additional info:

links to

openshift/hypershift#3680: OCPBUGS-30301: [kubevirt] Fix virt-launcher netpol to allow missing access

RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update

Assignee:: Oren Cohen

Reporter:: Oren Cohen

QA Contact:: Liangquan Li

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2024/03/06 9:47 AM

Updated:: 2024/06/27 11:38 AM

Resolved:: 2024/06/27 11:38 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates