Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-42308

private image registry storage account should not be enabled when using Azure File CSI in 4.17

XMLWordPrintable

    • None
    • 2
    • OSDOCS Sprint 260
    • 1
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Due to a change in storage account naming in {product-title} {product-version}, the Azure File Container Storage Interface (CSI) driver now alphabetically matches storage account of the Image Registry Operator. With this change, there is a known issue where the Azure File CSI driver fails to mount all volumes when the image registry is configured as private. The mount failures occur because the CSI driver tries to use the storage account of the Image Registry Operator, which is not configured to allow connections from worker subnets.
      +
      As a temporary workaround, the image registry should not be configured as private when using the Azure File CSI driver. This is a known issue and will be fixed in a future version of {product-title}. (link:https://issues.redhat.com/browse/OCPBUGS-42308[*OCPBUGS-42308*])
      Show
      * Due to a change in storage account naming in {product-title} {product-version}, the Azure File Container Storage Interface (CSI) driver now alphabetically matches storage account of the Image Registry Operator. With this change, there is a known issue where the Azure File CSI driver fails to mount all volumes when the image registry is configured as private. The mount failures occur because the CSI driver tries to use the storage account of the Image Registry Operator, which is not configured to allow connections from worker subnets. + As a temporary workaround, the image registry should not be configured as private when using the Azure File CSI driver. This is a known issue and will be fixed in a future version of {product-title}. (link: https://issues.redhat.com/browse/OCPBUGS-42308 [* OCPBUGS-42308 *])
    • Known Issue
    • In Progress

      Description of problem:

      Due to a change in storage account naming in 4.17 Azure File CSI driver now alphabetically matches storage account of image registry operator instead of the one created by installer. Matching foreign accounts is by itself a flaw but would not break the CSI storage. However, if the registry is configured as private the CSI driver can not handle this setting (with defaults) and will fail to mount volumes because it does not have worker subnet added to allowed networks for the storage account it tries to use (the one from registry operator).

We have a solution proposed already that would prevent our driver from matching foreign storage accounts and would also ensure we don't use any private settings with Azure File CSI Driver as it's untested. However our QE team does not have enough capacity to properly test the change in 4.17.0 but would be able to test this later so we can ship it in z-stream.

The proposal here is to document this as a known issue and suggest users don't enable private image registry when using Azure File CSI until we release the fix in z-stream.

              rhn-support-stevsmit Steven Smith
              rbednar@redhat.com Roman Bednar
              XiuJuan Wang XiuJuan Wang
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: