-
Bug
-
Resolution: Done
-
Critical
-
None
-
4.13.0
-
None
-
None
-
Approved
-
False
-
https://github.com/openshift/cluster-network-operator/blob/830daae9472c1e3f525c0af66bc7ea4054de9989/bindata/network/openshift-sdn/sdn.yaml#L308
is executing the host's `oc` but in a container userspace. This breaks when we try to update RHCOS to RHEL9, but leave the SDN pods as rhel8.
This code looks likely better to directly write in Go instead of bash.
- blocks
-
COS-1926 Move RHCOS to RHEL 9.2 in OCP 4.13
-
- Closed
-
- links to
[OCPBUGS-5842] executes /host/usr/bin/oc
Since the problem described in this issue should be resolved in a recent advisory, it has been closed.
For information on the advisory (Important: OpenShift Container Platform 4.13.0 security update), and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2023:1326
New bug for deprecation OCPBUGS-7777 Azure OpenShiftSDN drop-icmp container uses deprecated oc observe cli arg
Flag --argument has been deprecated, and will be removed in a future release. Use --template instead.
Verified on 4.13.0-0.nightly-2023-02-17-090603
iptables -A AZURE_ICMP_ACTION -j LOG
iptables -A AZURE_ICMP_ACTION -j DROP
oc observe pods -n openshift-sdn --listen-addr='' -l app=sdn -a '{ .status.hostIP }' -- /var/run/add_iptables.sh
env:
- name: K8S_NODE
2023-02-20T16:27:58.093612587Z + iptables -A AZURE_ICMP_ACTION -j LOG 2023-02-20T16:27:58.104854186Z + iptables -A AZURE_ICMP_ACTION -j DROP 2023-02-20T16:27:58.107800612Z + oc observe pods -n openshift-sdn --listen-addr= -l app=sdn -a '{ .status.hostIP }' -- /var/run/add_iptables.sh 2023-02-20T16:27:58.181727766Z Flag --argument has been deprecated, and will be removed in a future release. Use --template instead. 2023-02-20T16:27:58.201410340Z E0220 16:27:58.201342 23677 memcache.go:255] couldn't get resource list for user.openshift.io/v1: the server is currently unable to handle the request
# oc rsh -c drop-icmp sdn-v7gqq sh-4.4# which oc /usr/bin/oc sh-4.4# oc version Client Version: 4.13.0-202302151054.p0.g58e00ba.assembly.stream-58e00ba Kustomize Version: v4.5.7 Kubernetes Version: v1.26.0+919a59b
Anurag Saxena
added a comment - rbrattai@redhat.com Can you help verifying it? Thanks 
Aniket Bhat
added a comment - Thanks Scott. It was utterly confusing for me. I appreciate you straightening this out.
Aniket Bhat
added a comment - Thanks Scott. It was utterly confusing for me. I appreciate you straightening this out. anbhat The CNO change got reverted because it depended on the openshift/sdn change that hadn't merged yet and as a result 4.13 started failing. I'm going to move this back to post because we need to get https://github.com/openshift/cluster-network-operator/pull/1714 merged
https://github.com/openshift/release/pull/35508
https://github.com/openshift/sdn/pull/495
https://github.com/openshift/cluster-network-operator/pull/1681
Per the announcement sent regarding the removal of "Blocker" as an option in the Priority field, this issue (which was already closed at the time of the bulk update) had Priority = "Blocker." It is being updated to Priority = Critical. No additional fields were changed.