Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: 4.15.z
Affects Version/s: 4.16.0
Component/s: Networking / cluster-network-operator
Labels:

Regression:
No
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
Previously, the Cluster Network Operator (CNO) IPsec mechanism incorrectly behaved on a cluster that had multiple worker machine config pools. With this release, CNO Ipsec mechanism works as intended for a cluster with multiple worker machine config pools. This fix does not apply to updating an IPsec-enabled cluster with multiple paused machine config pools. (link:https://issues.redhat.com/browse/OCPBUGS-37205[*~~OCPBUGS-37205~~*])

Show
Previously, the Cluster Network Operator (CNO) IPsec mechanism incorrectly behaved on a cluster that had multiple worker machine config pools. With this release, CNO Ipsec mechanism works as intended for a cluster with multiple worker machine config pools. This fix does not apply to updating an IPsec-enabled cluster with multiple paused machine config pools. (link: https://issues.redhat.com/browse/OCPBUGS-37205 [* OCPBUGS-37205 *])
Release Note Type:
Bug Fix
Release Note Status:
Done
Customer Impact:

Customer Escalated
Target Version:

4.15.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:
PX Priority Data:

Description of problem:

CNO assumes only master and worker machine config pools present on the cluster, While running CI with 24 nodes, it's found that there are two more pools infra and workload present. So these pools are also taken into consideration while rolling out ipsec machine config.

# omg get mcp
NAME      CONFIG                                              UPDATED  UPDATING  DEGRADED  MACHINECOUNT  READYMACHINECOUNT  UPDATEDMACHINECOUNT  DEGRADEDMACHINECOUNT  AGE
infra     rendered-infra-52f7615d8c841e7570b7ab6cbafecac8     True     False     False     3             3                  3                    0                     38m
master    rendered-master-fbb5d8e1337d1244d30291ffe3336e45    True     False     False     3             3                  3                    0                     1h10m
worker    rendered-worker-52f7615d8c841e7570b7ab6cbafecac8    False    True      False     24            12                 12                   0                     1h10m
workload  rendered-workload-52f7615d8c841e7570b7ab6cbafecac8  True     False     False     0             0                  0                    0                     38m

CI run: https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_release/50740/rehearse-50740-pull-ci-openshift-qe-ocp-qe-perfscale-ci-main-azure-4.16-nightly-x86-control-plane-ipsec-24nodes/1782308642033242112

clones

OCPBUGS-32525 CNO must consider infra and workload machine config pools for IPsec rollout

Closed

depends on

OCPBUGS-32525 CNO must consider infra and workload machine config pools for IPsec rollout

Closed

is documented by

SDN-5146 Impact: Unexpected Behavior During Cluster Upgrade (4.14.23 to 4.15.15) for the ovn-ipsec-host pods

Closed

links to

openshift/cluster-network-operator#2439: OCPBUGS-37205: Check every MachineConfigPool for IPsec plugin existence

RHBA-2024:4955 OpenShift Container Platform 4.15.z bug fix update

Assignee:: Yuval Kashtan

Reporter:: Periyasamy Palanisamy

QA Contact:: Anurag Saxena

Contributors:: Jamo Luhrsen

Votes:: 2 Vote for this issue

Watchers:: 11 Start watching this issue

Created:: 2024/07/17 4:04 PM

Updated:: 2024/08/07 9:55 AM

Resolved:: 2024/08/07 1:16 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates