Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 4.21.0
Affects Version/s: 4.17.z, 4.16.z, 4.18.z, 4.19.z
Component/s: Networking / ovn-kubernetes
Labels:
- SDN:OVNK:EgressFirewall

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
None

Target Backport Versions:

4.17.z, 4.16.z, 4.18.z, 4.19.z, 4.20.z
Target Version:

4.21.0
Release Blocker:
None
Sprint:
CORENET Sprint 278, CORENET Sprint 279, CORENET Sprint 280
sprint_count:
3

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Review Complete:
PX Impact Score:

Release Note Status:
Done
Release Note Type:
Bug Fix
Release Note Text:

Hide
Before this update, the `AdminNetworkPolicy`, `AdminPolicyBasedRouteListers`, `EgressFirewall`, `EgressQoS` and `NetworkQoS` objects kept the `managedFields` status entries for nodes that had been deleted. As a consequence, a buildup of stale data occurred in etcd for large clusters with frequent node churn. With this release, the cleanup logic is fixed for all of these resource types. As a result, stale data buildup does not occur. (link:https://issues.redhat.com/browse/OCPBUGS-62262[~~OCPBUGS-62262~~])

Show
Before this update, the `AdminNetworkPolicy`, `AdminPolicyBasedRouteListers`, `EgressFirewall`, `EgressQoS` and `NetworkQoS` objects kept the `managedFields` status entries for nodes that had been deleted. As a consequence, a buildup of stale data occurred in etcd for large clusters with frequent node churn. With this release, the cleanup logic is fixed for all of these resource types. As a result, stale data buildup does not occur. (link: https://issues.redhat.com/browse/OCPBUGS-62262 [ OCPBUGS-62262 ])

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

EgressFirewalls still retain information about each deleted machine. On large clusters this build up overtime and end up filling etcd / breaking the api server etc.

Version-Release number of selected component (if applicable):

reproducing with 4.19.10

How reproducible:

trivial:

Steps to Reproduce:

1. create an EgressFirewall

2. delete some machines

3. oc get egressfirewall default -o yaml --show-managed-fields

Actual results:

managedFields still contains fields

- apiVersion: k8s.ovn.org/v1
  fieldsType: FieldsV1
  fieldsV1:
    f:status: {}
  manager: worker-7j7fv
  operation: Apply
  subresource: status
  time: "2025-09-25T21:57:58Z"

Expected results:

no leaked managed field

Additional info:

Please fill in the following template while reporting a bug and provide as much relevant information as possible. Doing so will give us the best chance to find a prompt resolution.

Affected Platforms:

OpenShift 4.16, 4.19

customer issue

is cloned by

OCPBUGS-65514 deleted nodes still present in egressfirewalls managed fields

Closed

is depended on by

OCPBUGS-65514 deleted nodes still present in egressfirewalls managed fields

Closed

links to

openshift/ovn-kubernetes#2846: OCPBUGS-50709,OCPBUGS-62262: DownStream Merge [11-06-2025]

upstream PR

Assignee:: Riccardo Ravaioli

Reporter:: Francois Rigault

Need Info From:: None

Contributors:: None

QA Contact:: Huiran Wang

Doc Contact:: None

Votes:: 2 Vote for this issue

Watchers:: 14 Start watching this issue

Created:: 2025/09/25 10:20 PM

Updated:: 2026/02/10 9:53 AM

Resolved:: 2026/02/10 9:53 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates