kube-ovn stuck: Waiting to retry configuring Kube-OVN

This is not limited to focal, we see it on jammy too: https://oil-jenkins.canonical.com/artifacts/d6cf7339-e435-4660-860b-0d37b401a7d9/index.html

application channels in SKU (solutionsqa/fkb/sku/master-kubernetes-focal-baremetal-ovn)
        kubernetes-control-plane: latest/edge
        kubernetes-worker: latest/edge
        kube-ovn: latest/edge

The kube-ovn-controller pod logs this error repeatedly:

E0213 10:02:01.196909 6 subnet.go:186] error syncing 'ovn-default': gateway 192.168.0.1 is not in cidr 192.168.252.0/22, requeuing

Which prevents it from annotating nodes and such with the information that kube-ovn-cni needs to progress. This leads the kube-ovn-cni containers to CrashLoopBackOff, which leaves the kube-ovn charm stuck waiting forever.

I see in bundle.yaml that the kube-ovn charm is configured with `default-cidr: 192.168.252.0/22`. For this to work, it also needs to be configured with `default-gateway: 192.168.252.1`. I think if you add that to the bundle, it should work.

There is a second issue with this deployment, which is that it's running Kubernetes 1.23 on latest/edge charms that do not support Kubernetes 1.23. I see that the k8s snap channel config is unspecified in the bundle or overlays, so it's using the default value from the charms, which is out-of-date[1][2].

We can fix that default on our end easy enough. I'll open a couple PRs.

[1]: https://github.com/charmed-kubernetes/charm-kubernetes-control-plane/blob/45e994db6052740cc43de8f80c87cf16c335fa09/config.yaml#L108
[2]: https://github.com/charmed-kubernetes/charm-kubernetes-worker/blob/8a3751d57d8c3b715da5871913cde5e1e9c54433/config.yaml#L14

PRs to fix the charm default k8s versions:
https://github.com/charmed-kubernetes/charm-kubernetes-control-plane/pull/271
https://github.com/charmed-kubernetes/charm-kubernetes-worker/pull/136
https://github.com/charmed-kubernetes/charm-kubernetes-e2e/pull/27
https://github.com/charmed-kubernetes/bundle/pull/873

These should fix the incorrect k8s version in the deployment, but you will still need to set the kube-ovn default-gateway config to get it working.

It occurs to me that the kube-ovn charm should be doing more to inform the user about the mismatched config. This is a condition that the charm can easily check for, and it should enter a Blocked status with a clear message.

I was a little quick to mark this as invalid for kube-ovn. Sorry about that. :)

I'm surprised that this is a configuration issue since we have a passing rate of about 50% for this config, e.g. https://solutions.qa.canonical.com/v2/testruns/2a3a4099-b601-4d16-9157-9ec766869a37 is successful.

Interesting. It looks like the kube-ovn charm config differs between failing and passing runs. In failing runs the bundle.yaml has:

kube-ovn:
  bindings:
    ? ''
    : oam-space
  channel: latest/edge
  charm: kube-ovn
  options:
    default-cidr: 192.168.252.0/22

In passing runs the bundle.yaml has:

kube-ovn:
  bindings:
    ? ''
    : oam-space
  channel: latest/edge
  charm: kube-ovn

This is true for all of the test runs that I checked:

https://solutions.qa.canonical.com/v2/testruns/412c05fd-2a4d-4b9f-86f6-1497ddabbd1c (failed)
https://solutions.qa.canonical.com/v2/testruns/55e4a7b8-fd06-436c-806e-35277c83969c (success)
https://solutions.qa.canonical.com/v2/testruns/2a3a4099-b601-4d16-9157-9ec766869a37 (success)
https://solutions.qa.canonical.com/v2/testruns/53c2386d-807b-4317-a744-a7c51a07d6fc (failed)

These runs are all under the same SKU but somehow the generated bundle.yaml has different options for kube-ovn. I'm not really sure how to dig further into that side of the issue, but it does still make sense to me as a configuration issue at least from the charm's perspective.

Thanks for digging in on that, I found the problem. We have some hardware-specific config that we merge into the SKUs and we were adding the default-cidr in lab0 for some reason.

PRs from comment #5 are merged.