Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: 4.19.0
Affects Version/s: 4.19
Component/s: Networking / cluster-network-operator
Labels:
None

Severity:
Important
Regression:
No
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:
N/A
Release Note Type:
Release Note Not Required
Release Note Status:
Done
Target Version:

4.19.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

After deleting the user defined CSR, CNO kept in Degraded status

Version-Release number of selected component (if applicable):

Pre-merge tested https://github.com/openshift/cluster-network-operator/pull/2560

How reproducible:

Always

Steps to Reproduce:
1. Manually sent user defined CSR to CNO by creating below CSR.



{code:java}
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: ipsec-csr-test-80237
  labels:
    k8s.ovn.org/ipsec-csr: test-node
spec:
  request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2lEQ0NBWEFDQVFBd1F6RUxNQWtHQTFVRUJoTUNWVk14RmpBVUJnTlZCQW9NRFc5MmJtdDFZbVZ5Ym1WMApaWE14RFRBTEJnTlZCQXNNQkd0cGJtUXhEVEFMQmdOVkJBTU1CRlJGVTFRd2dnRWlNQTBHQ1NxR1NJYjNEUUVCCkFRVUFBNElCRHdBd2dnRUtBb0lCQVFERC96ZGhpYWppVlJJQmhMeTIwR1RENWE1QTBuZEVsVXg1ckEyWHVNZ0gKL2g1Yk11SWlvOUhOR1lVdnVwU1ZZNFJhV01CbC9yRFZYQzZPenZzVk53Vk92UVlnTnlhcVJzWnJrY1lSUTAycApsT0NFWTM3VStLQXN3RDF4amxiTGp3YU56Z2hsVVU5U2c0TFY4VkorQ3JLcFZId2laelBoVGpLUVVBZTBJbHRMCmlXRmNwTit2NC9GeGdKcXRKQXZtUjFZenN0ZUVmOEFwZExvNHpyUDJuMEJzUmx5TnlTVUxDWWFFekpkbXE2QWkKckVVdEVFekVNUEtqR1ZJZzljZDlvYVpuUTZDKzlXcUQwcUttWmJXZ2piNXV5OEpmdGxKNGxqbjNRNExPZWNnNgpqUFNXZ3VIV1NMYUFzYmg2bFNMdEkydVNRNnppYlBMdkIwWTR4WnA4ZjV4ckFnTUJBQUdnQURBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFzQW00VDhHK3lUekJnWTBaeE1oeEQ0eFFWSk84Nm1FSmRsaVZMMUVsaTlIcG9Wa1MKNHRmWlpuNXdBUGhKRGtSMjZCUjJseE9hZDJYdWhCWkl0MjFqOS9CWFNtdmJpbmc2R3hva2pGWFN2VFh1eHNIUgpDdUhWZ09DcUpxN1puOCtnT0ZaMG51OGVIcUNSRDFyZjBEdUdmNWphbDN4UVhOY0xMSEo5VEFLVGdnU0lqL21GCk9QS21wMEJEL3l3VkkrWlpNQ3ZFYWNLMUhINTV6Zk1rK2VSRTlIdWVpMWk4SkswYmZqZUI5Z3BFek9ZSEhVZ2oKOTd0NHE2YkZUTnIrbTh3N3FUYzZaU0I2Z20yVUhOYTVIRUtKaXdMdWdvR0V2K0wzamZsUE5idlBReVVRbkFpVAo1TDV3RFYxV2ZBV2FHdk5saXZYWm9sVGloTFpEQWl1S25tRkRmUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
  signerName: network.openshift.io/signer
  usages:
  - ipsec tunnel

2. Delete CSR

    Actual results:{code:none}
CNO was keeping in degraded status even csr was deleted

{code:java}
 % oc get co network
NAME      VERSION                                                   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
network   4.19.0-0.ci.test-2025-03-26-015315-ci-ln-g8dqch2-latest   True        False         True       4h      Unable to update csr: CertificateSigningRequest.certificates.k8s.io "ipsec-csr-test-80237" is invalid: status.conditions[1].type: Duplicate value: "Failed"

 % oc get csr
No resources found

workaround: restart CNO pod.

    Expected results:{code:none}

Additional info:

links to

openshift/cluster-network-operator#2674: OCPBUGS-54238: Reset network status when CSR is deleted

RHEA-2024:11038 OpenShift Container Platform 4.19.z bug fix update

Assignee:: Periyasamy Palanisamy

Reporter:: Huiran Wang

QA Contact:: Huiran Wang

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2025/03/26 8:12 AM

Updated:: 2025/06/17 4:55 PM

Resolved:: 2025/06/17 4:55 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates