Comment 0 for bug 1779656
Revision history for this message
| Pulkit Tandon (pulkitt) wrote [R5.0-k8s]: Network Policy which are part of "k8s-allowall" are getting deleted automatically. | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
R5.0-117.
5 node plain k8s+contrail setup.
3 Controller
1 Kube master
2 Compute + k8s slave
Description:
As I create new project, I see that corresponding Allow all rules get added in "k8s-allowall" network policy.
But in some time, all policies corresponding to the namespaces which I created, get deleted automatically.
Thus, this result in test case failure.
I think this might be due to the name of the namespace used.
Prior to this test, I ran some other test cases which used same name for namespaces.
In the kube manager logs, I can see following Delete request running continuously.
07/02/2018 10:36:43 AM [contrail-
07/02/2018 10:36:43 AM [contrail-
07/02/2018 10:37:43 AM [contrail-
07/02/2018 10:37:43 AM [contrail-
07/02/2018 10:37:43 AM [contrail-
07/02/2018 10:38:43 AM [contrail-
07/02/2018 10:38:43 AM [contrail-
07/02/2018 10:38:43 AM [contrail-
Note that the namespaces which I created are with same name "temp-ns", "new-default" and "non-default".
For current case, following is the namespace add request from the logs:
07/02/2018 10:11:10 AM [contrail-
I suspect that the stale Delete requests for same namespace name(but different UUID), resulted in deletion of network policies.
If that is the case, there are 2 things to inspect:
1. Why the stale namespace deletion request is running continuously?
2. Should this stale namespace deletion request result in deletion of network policies even though they have different UUID ?
For further verification, I did a restart of Kube manager.
All policies were restored after a restart as they were read fresh.
Soon after the stale DELETE, the policies were again deleted.
I have attached the kube manager and config logs.