-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.16
-
Quality / Stability / Reliability
-
False
-
-
None
-
Important
-
None
-
None
-
None
-
CORENET Sprint 276, CORENET Sprint 277, CORENET Sprint 278
-
3
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
On certain Azure clusters, workers get the cloud.network.openshift.io/egress-ipconfig annotation set to the subnet of masters instead of workers. This makes it impossible to configure egress IPs on them, even if marked as egress-assignable.
Doing a deeper analysis of the source code together with the vnet configuration that reproduces the issue, we found out that:
- The source code first checks the subnets looking for the addressPrefix field[1].
- However, in the subnet where the issue reproduces, the addressPrefixes field is set with an single-element array instead. the addressPrefix field is unset.
- If there is no such a field, it falls back to the addressPrefixes field on the addressSpace field of the vnet[2].
- In the case of the cluster that reproduces the issue, the addressPrefixes of the vnet contains the address prefixes of all the subnets and the first one is the masters one.
- If the obtained address prefixes array has more than one element, only the first one is chosen[3].
So basically the mistake is that the code should not only check for the addressPrefix field but also for the addressPrefixes field while checking the subnet[1].
Version-Release number of selected component (if applicable):
Reproduced in 4.16.25.
Checking the source code, the bad logic[1] is in main and all the previously released versions.
How reproducible:
In some clusters, where the workers subnet is defined on the vnet using addressPrefixes array instead of addressPrefix
Steps to Reproduce:
- Make sure that the worker subnet uses addressPrefixes field and not addressPrefix
- Check worker cloud.network.openshift.io/egress-ipconfig annotation
Actual results:
cloud.network.openshift.io/egress-ipconfig annotation wrong. Assigning egress IPs to workers impossible.
Expected results:
cloud.network.openshift.io/egress-ipconfig correct. Assigning egress IPs to workers possible.
Additional info:
A similar issue caused a SIGSEV in openshift-install in the past, as reported and fixed in OCPBUGS-33234.
References:
[1] - https://github.com/openshift/cloud-network-config-controller/blob/release-4.16/pkg/cloudprovider/azure.go#L522-L529
[2] - https://github.com/openshift/cloud-network-config-controller/blob/release-4.16/pkg/cloudprovider/azure.go#L531-L537
[3] - https://github.com/openshift/cloud-network-config-controller/blob/release-4.16/pkg/cloudprovider/azure.go#L337-L351
