Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error destroying ipset when deleting NodeNetworkPolicy #6706

Open
tnqn opened this issue Sep 30, 2024 · 2 comments · May be fixed by #6707
Open

Error destroying ipset when deleting NodeNetworkPolicy #6706

tnqn opened this issue Sep 30, 2024 · 2 comments · May be fixed by #6707
Labels
area/network-policy Issues or PRs related to network policies. kind/bug Categorizes issue or PR as related to a bug.
Milestone
Antrea v2.2 release

Comments

@tnqn
Copy link
Member

tnqn commented Sep 30, 2024

Describe the bug

While debugging another issue, I found the following errors in antrea-agent logs:

E0919 15:26:53.365234 13 networkpolicy_controller.go:897] Error syncing rule "f7b29a365e132446", retrying. Error: error destroying ipset ANTREA-POL-F7B29A365E132446-4: exit status 1

After adding more logs to the log via #6705, I got the following:

E0930 14:24:09.356269 13 networkpolicy_controller.go:902] Error syncing rule "4f5505d534deb0ef", retrying. Error: error destroying ipset ANTREA-POL-4F5505D534DEB0EF-4, err: exit status 1, output: ipset v7.19: Set cannot be destroyed: it is in use by a kernel component

The full log can be downloaded here e2e-kind-encap-all-features-enabled.tar.gz.zip.

The error was gone eventually after being repeated a few times. It may be because the networkpolicy controller didn't remove the iptables rules first before destroying the ipset, or could be a kernel bug that the reference was not deleted immediately after the iptables rules were deleted.

Versions:

Please provide the following information:

  • Antrea version (Docker image tag). v2.2-dev
@tnqn tnqn added kind/bug Categorizes issue or PR as related to a bug. area/network-policy Issues or PRs related to network policies. labels Sep 30, 2024
@tnqn tnqn added this to the Antrea v2.2 release milestone Sep 30, 2024
@tnqn
Copy link
Member Author

tnqn commented Sep 30, 2024

@hongliangl could you please take a look?

@tnqn tnqn mentioned this issue Sep 30, 2024
Merged
@hongliangl
Copy link
Contributor

@hongliangl could you please take a look?

Will do.

@hongliangl hongliangl linked a pull request Sep 30, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/network-policy Issues or PRs related to network policies. kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
Antrea v2.2 release
2 participants
@tnqn @hongliangl