Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Minor
Fix Version/s: None
Affects Version/s: 4.17
Component/s: Networking / router
Labels:
- ne-triaged

Severity:
Low
Regression:
No
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

If you run TestAllowedSourceRangesStatus twice, it fails due to the service created by the IngressController not getting deleted.

The root cause appears to be a change in brought in by the rebase https://github.com/openshift/cloud-provider-azure/pull/113, and more specifically the upstream PR https://github.com/kubernetes-sigs/cloud-provider-azure/pull/5885 which now properly rejects both spec.LoadBalancerSourceRanges and "service.beta.kubernetes.io/load-balancer-source-ranges" set at the same time.


The Azure CCM is throwing this error message and not reconciling/deleting the service:

E0612 16:22:37.193349       1 azure_loadbalancer.go:2952] "Failed to parse access control configuration for service" err="cannot set both spec.LoadBalancerSourceRanges and service annotation service.beta.kubernetes.io/azure-allowed-ip-ranges" logger="reconcileSecurityGroup" cluster="ci-op-mv04309s-04a70-6jszn" service="openshift-ingress/router-sourcerangesstatus" load-balancer="ci-op-mv04309s-04a70-6jszn" delete-lb=true

Version-Release number of selected component (if applicable):

4.17

How reproducible:

100%

Steps to Reproduce:

$ make TEST=TestAllowedSourceRangesStatus test-e2e
go generate ./pkg/manifests
CGO_ENABLED=1 GO111MODULE=on GOFLAGS=-mod=vendor go test -timeout 1h -count 1 -v -tags e2e -run "TestAllowedSourceRangesStatus" ./test/e2e
=== RUN   TestAllowedSourceRangesStatus
=== PAUSE TestAllowedSourceRangesStatus
=== CONT  TestAllowedSourceRangesStatus
    allowed_source_ranges_test.go:187: Annotation: [127.0.0.0/8], AllowedSourceRanges: []
    allowed_source_ranges_test.go:187: Annotation: [127.0.0.0/8], AllowedSourceRanges: [127.0.0.0/8]
    allowed_source_ranges_test.go:224: LoadBalancerSourceRanges: [0.0.0.0/0], AllowedSourceRanges: [127.0.0.0/8]
    allowed_source_ranges_test.go:224: LoadBalancerSourceRanges: [0.0.0.0/0], AllowedSourceRanges: [0.0.0.0/0]
    allowed_source_ranges_test.go:153: deleted ingresscontroller sourcerangesstatus
--- PASS: TestAllowedSourceRangesStatus (235.23s)
PASS
ok      github.com/openshift/cluster-ingress-operator/test/e2e    235.981s

# The router-sourcerangesstatus service isn't deleted
$ oc get svc -n openshift-ingress
NAME                        TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                      AGE
router-default              LoadBalancer   172.30.224.151   52.160.87.200   80:31650/TCP,443:32706/TCP   56m
router-internal-default     ClusterIP      172.30.69.193    <none>          80/TCP,443/TCP,1936/TCP      56m
router-sourcerangesstatus   LoadBalancer   172.30.166.203   13.91.80.139    80:32720/TCP,443:32046/TCP   3m59s

Actual results:

Service not deleted

Expected results:

Service should be deleted.

Additional info:

is related to

OCPBUGS-35757 Azure CCM now throws error when using both load-balancer-source-ranges annotation and spec.LoadBalancerSourceRanges

ASSIGNED

relates to

OCPBUGS-35368 TestAllowedSourceRangesStatus expected the annotation to be reflected in status.allowedSourceRanges flake

Verified

Assignee:: Grant Spence

Reporter:: Grant Spence

QA Contact:: Hongan Li

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/06/13 6:04 PM

Updated:: 2024/06/18 4:49 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates