-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.17, 4.18
-
+
-
None
-
False
-
-
-
Bug Fix
-
In Progress
-
-
-
-
Description of problem:
When setting .spec.storage.azure.networkAccess.type: Internal (without providing vnet and subnet names), the image registry will attempt to discover the vnet by tag. Previous to the installer switching to cluster-api, the vnet tagging happened here: https://github.com/openshift/installer/blob/10951c555dec2f156fad77ef43b9fb0824520015/pkg/asset/cluster/azure/azure.go#L79-L92. After the switch to cluster-api, this code no longer seems to be in use, so the tags are no longer there. From inspection of a failed job, the new tags in use seem to be in the form of `sigs.k8s.io_cluster-api-provider-azure_cluster_$infraID` instead of the previous `kubernetes.io_cluster.$infraID`. Image registry operator code responsible for this: https://github.com/openshift/cluster-image-registry-operator/blob/master/pkg/storage/azure/azure.go?plain=1#L678-L682 More details in slack discussion with installer team: https://redhat-internal.slack.com/archives/C68TNFWA2/p1726732108990319
Version-Release number of selected component (if applicable):
4.17, 4.18
How reproducible:
Always
Steps to Reproduce:
1. Get an Azure 4.17 or 4.18 cluster 2. oc edit configs.imageregistry/cluster 3. set .spec.storage.azure.networkAccess.type to Internal
Actual results:
The operator cannot find the vnet (look for "not found" in operator logs)
Expected results:
The operator should be able to find the vnet by tag and configure the storage account as private
Additional info:
If we make the switch to look for vnet tagged with `sigs.k8s.io_cluster-api-provider-azure_cluster_$infraID`, one thing that needs to be tested is BYO vnet/subnet clusters. What I have currently observed in CI is that the cluster has the new tag key with `owned` value, but for BYO networks the value *should* be `shared`, but I have not tested it. --- Although this bug is a regression, I'm not going to mark it as such because this affects a fairly new feature (introduced on 4.15), and there's a very easy workaround (manually setting the vnet and subnet names when configuring network access to internal).
- blocks
-
OCPBUGS-42394 Azure private account setup with vnet discovery fails to find vnet by tag
- Closed
- is cloned by
-
OCPBUGS-42394 Azure private account setup with vnet discovery fails to find vnet by tag
- Closed
- is related to
-
OCPBUGS-42732 Image registry operator becomes degraded when setting management state to Removed when networkAccess is set to Internal
- Verified
- links to
-
RHEA-2024:6122 OpenShift Container Platform 4.18.z bug fix update