Bug 1880591: Fixes race during 4.5->4.6 upgrade with ovn node and master

[trozet]

When an ovnkube-node upgrades, it annotates its gateway config onto the
kubernets node object. When ovnkube-master sees this node add/update
event it then will try to sync its gateway configuration in OVN. In
ovnkube-master 4.6, if we see a node that is in a 4.5 state, but its pod
is a 4.6 ovnkube-pod we will ignore doing any OVN gateway config on it.
However, this patch addresses a case where 4.6 ovnkube-node upgraded,
started, and annotated its node, before ovnkube-master pod was upgraded
to 4.6. In that case the old 4.5 ovnkube-master code will try to create
a gateway interface, for the updated node, and we were never setting
that interface ID. Thus, OVN would get a new port with an empty name in
addition to its already configured br-local port and not know which one
to use. If it picks the "new port" then kapi access will stop working.

This patch works around this potential race by setting the node
annotation to the old interface value in 4.6 ovnkube-node so that if we
hit this race, the old ovnkube-master code will not create an empty
additional port in OVN.

Signed-off-by: Tim Rozet trozet@redhat.com

[openshift-ci-robot]

@trozet: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

Fixes race during 4.5->4.6 upgrade with ovn node and master

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@trozet: This pull request references Bugzilla bug 1880591, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.6.0) matches configured target release for branch (4.6.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
• dependent bug Bugzilla bug 1885344 is in the state VERIFIED, which is one of the valid states (MODIFIED, VERIFIED)
• dependent Bugzilla bug 1885344 targets the "4.7.0" release, which is one of the valid target releases: 4.7.0
• bug has dependents

In response to this:

Bug 1880591: Fixes race during 4.5->4.6 upgrade with ovn node and master

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[danwinship]

/lgtm
I don't really know the details of this code but this all sounds plausible

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[trozet]

/hold

[abhat]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abhat, danwinship, trozet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [abhat,danwinship,trozet]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[abhat]

/test e2e-vsphere-ovn
/test e2e-gcp-ovn

[openshift-ci-robot]

@trozet: The following tests failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-vsphere-ovn	480d7bd	link	/test e2e-vsphere-ovn
ci/prow/e2e-gcp-ovn	480d7bd	link	/test e2e-gcp-ovn
ci/prow/e2e-metal-ipi-ovn-ipv6	480d7bd	link	/test e2e-metal-ipi-ovn-ipv6
ci/prow/e2e-metal-ipi-ovn-dualstack	480d7bd	link	/test e2e-metal-ipi-ovn-dualstack

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[dcbw]

/retest

[vrutkovs]

/retest

[trozet]

/hold cancel

[trozet]

With a manual upgrade yesterday on metal (thanks @rbbratta ) it works. There is a period of time during upgrade after network is rolled out that openshift-api-server becomes unavailable, and clusterversion will complain with a warning. About 5 minutes later openshift-api-server becomes available again and upgrade completes. I'm not sure what causes this, or if it is expected. But it's something else we need to look into. For now this fix does resolve the race.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci-robot]

@trozet: All pull requests linked via external trackers have merged:

• openshift/cluster-network-operator#825
• openshift/cluster-network-operator#836
• openshift/machine-config-operator#2140
• openshift/ovn-kubernetes#281
• openshift/ovn-kubernetes#297
• openshift/ovn-kubernetes#305
• openshift/ovn-kubernetes#307
• ovn-org/ovn-kubernetes#1738

Bugzilla bug 1880591 has been moved to the MODIFIED state.

In response to this:

Bug 1880591: Fixes race during 4.5->4.6 upgrade with ovn node and master

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.