Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-43345

it needs manual intervention after removing the loadBalancer.allowedSourceRanges

XMLWordPrintable

    • Moderate
    • No
    • 1
    • NE Sprint 261
    • 1
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      Configuring loadBalancer.allowedSourceRanges then removing it, we could see the co/ingress stays in "Progressing" status and reports:

ingress   4.18.0-0.nightly-2024-10-14-110402   True        True          False      63m     ingresscontroller "default" is progressing: IngressControllerProgressing: One or more status conditions indicate progressing: LoadBalancerProgressing=True (OperandsProgressing: One or more managed resources are progressing: You have manually edited an operator-managed object. You must revert your modifications by removing the Spec.LoadBalancerSourceRanges field of LoadBalancer-typed service "router-default". You can use the new AllowedSourceRanges API field on the ingresscontroller to configure this setting instead.).    

      Version-Release number of selected component (if applicable):

          tested 4.18/4.17/4.16, might exists in older version

      How reproducible:

          100%

      Steps to Reproduce:

          1. adding loadBalancer.allowedSourceRanges to ingresscontroller
$ oc -n openshift-ingress-operator patch ingresscontrollers/default --type=merge --patch='{"spec":{"endpointPublishingStrategy":{"type":"LoadBalancerService","loadBalancer":{"scope":"External","allowedSourceRanges":["2.2.2.2/32"]}}}}'

    2. removing the loadBalancer.allowedSourceRanges configrations
$ oc -n openshift-ingress-operator patch ingresscontrollers/default --type=merge --patch='{"spec":{"endpointPublishingStrategy":{"type":"LoadBalancerService","loadBalancer":{"scope":"External","allowedSourceRanges":null}}}}'

     3. check co/ingress and service router-default

      Actual results:

          $ oc get co/ingress
NAME      VERSION                              AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
ingress   4.18.0-0.nightly-2024-10-14-110402   True        True          False      63m     ingresscontroller "default" is progressing: IngressControllerProgressing: One or more status conditions indicate progressing: LoadBalancerProgressing=True (OperandsProgressing: One or more managed resources are progressing: You have manually edited an operator-managed object. You must revert your modifications by removing the Spec.LoadBalancerSourceRanges field of LoadBalancer-typed service "router-default". You can use the new AllowedSourceRanges API field on the ingresscontroller to configure this setting instead.).


$ oc -n openshift-ingress get svc router-default -oyaml
spec:
  allocateLoadBalancerNodePorts: true
  clusterIP: 172.30.12.5
  clusterIPs:
  - 172.30.12.5
  externalTrafficPolicy: Local
  healthCheckNodePort: 31914
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  loadBalancerSourceRanges:
  - 2.2.2.2/32                                    <---- still there

      Expected results:

          the ingress says "You have manually edited an operator-managed object" but actually it is updated by operator itself, so it should be removed from LB service by operator after user removing it from ingresscontroller.

      Additional info:

      workaround: run "oc edit svc router/default" and remove spec.loadBalancerSourceRanges manually  

       

              mmasters1@redhat.com Miciah Masters
              rhn-support-hongli Hongan Li
              Hongan Li Hongan Li
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: