-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.19
-
Quality / Stability / Reliability
-
False
-
-
None
-
Important
-
None
-
None
-
Rejected
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
When using Tigera Calico CNI on a management cluster, a hosted cluster can't be started successfully.
The virt-launcher can not download Ignition files from the Ingition server because of TLS handhake error (see below).
Seen in this CI run. The complete set up can be seen on this branch
Version-Release number of selected component (if applicable):
4.19
How reproducible:
Always
Steps to Reproduce:
1. Setup OCP management cluster with Tigera Calico network stack (the install-config.yaml should specify ingressVIPs for configuring the virtual IP address for ingress traffic) 3. Install the Hypershift operator on the management cluster to allow creating hosted clusters. 4. Created a hosted cluster using kubevirt
Actual results:
The NodePool is waiting for Nodes to join.
- lastTransitionTime: "2025-05-12T15:52:46Z"
message: Minimum availability requires 3 replicas, current 0 available
observedGeneration: 1
reason: WaitingForAvailableMachines
status: "False"
type: Ready
The console-logger pod for VMs created by Kubevirt shows errors like this one:
[ 943.962929] ignition[873]: GET error: Get "https://ignition-server-clusters-40555e6442475d57eef6.apps.ostest.test.metalkube.org/ignition": net/http: TLS handshake timeout
Expected results:
The nodes successfully join the NodePool and the hosted cluster starts successfully.
Additional info:
This issue is slightly different from Cilium's https://issues.redhat.com/browse/OCPBUGS-54574 where the console-logger pod reports i/o timeout (there it's caused by a NetworkPolicy that prevents the network traffic)
The root cause is unknown.