Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-5464

CSR generated during SNO dualstack cluster restore contains unexpected IPv6 address

    XMLWordPrintable

Details

    • Moderate
    • False
    • Hide

      None

      Show
      None

    Description

      Description of problem:

      After restarting kubelet as part of 'restore to previous cluster state' procedure a CSR is created. Inspecting it reveals that IPv6 address is incorrect:

      oc describe csr csr-tmrn2
Name:               csr-tmrn2
Labels:             <none>
Annotations:        <none>
CreationTimestamp:  Fri, 06 Jan 2023 09:45:48 -0500
Requesting User:    system:node:sno-0
Signer:             kubernetes.io/kubelet-serving
Status:             Pending
Subject:
  Common Name:    system:node:sno-0
  Serial Number:
  Organization:   system:nodes
Subject Alternative Names:
         DNS Names:     sno-0
         IP Addresses:  10.1.101.49
                        fd69::2
Events:  <none>

      Note "fd69::2" IPv6 address. Previously generated CSRs report expected IP

      oc describe csr csr-792jp
Name:               csr-792jp
Labels:             <none>
Annotations:        <none>
CreationTimestamp:  Fri, 06 Jan 2023 08:03:43 -0500
Requesting User:    system:node:sno-0
Signer:             kubernetes.io/kubelet-serving
Status:             Approved,Issued
Subject:
  Common Name:    system:node:sno-0
  Serial Number:
  Organization:   system:nodes
Subject Alternative Names:
         DNS Names:     sno-0
         IP Addresses:  10.1.101.49
                        2620:52:0:165::31
Events:  <none>

      Version-Release number of selected component (if applicable):

      4.12.0-rc.6

      How reproducible:

      So far ran the procedure once

      Steps to Reproduce:

      1. Follow "Restore to previous cluster state" procedure on baremetal dualstack SNO cluster
2.
3.

      Actual results:

      Rogue IPv6 address present in CSR

      Expected results:

      Correct(IPv6 address configured by operator) is added into CSR

      Additional info:

      That's interface from SNO node:

 ip a s br-ex
10: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 40:a6:b7:9a:6a:e8 brd ff:ff:ff:ff:ff:ff
    inet 10.1.101.49/28 brd 10.1.101.63 scope global noprefixroute br-ex
       valid_lft forever preferred_lft forever
    inet 169.254.169.2/29 brd 169.254.169.7 scope global br-ex
       valid_lft forever preferred_lft forever
    inet6 fd69::2/125 scope global nodad
       valid_lft forever preferred_lft forever
    inet6 2620:52:0:165::31/124 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::42a6:b7ff:fe9a:6ae8/64 scope link noprefixroute
       valid_lft forever preferred_lft forever


After some time those CSRs were automatically approved

      Attachments

        Activity

          People

            bnemec@redhat.com Benjamin Nemec
            yprokule@redhat.com Yurii Prokulevych
            Sunil Choudhary Sunil Choudhary
            Mike Lammon
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: