Hi,I am getting following error in a upgrade (From App9 to IFSCloud 23R1). In the mtinstaller when runs for the frst time I get following error. its something comes for DB hot IP CIDR value. But the ip range same as for another IFSCloud environment for the same customer.[Tue Jun 20 02:02:29 CEST 2023] - SEVERE: NetworkPolicy.extensions "egress-env-database" is invalid: spec.egress[0].to[0].ipBlock.cidr: Invalid value: "<hostname>/32": not a valid CIDR[Tue Jun 20 02:02:29 CEST 2023] - SEVERE: Failed to install ifs-cloud[Tue Jun 20 02:02:29 CEST 2023] - SEVERE: Failed to install ifs-cloud. Collected logs from command:"ifscloud" has been added to your repositoriesHang tight while we grab the latest from your chart repositories......Successfully got an update from the "ifscloud" chart repositoryUpdate Complete. ÔÄêHappy Helming!ÔÄêINFO: Using chart ifscloud/ifs-cloud --version 231.0.0INFO: Installing ifs-cloudINFO: Running helm upgradehistory.go:56: [debug] getting history for release ifs-cloudRelease "ifs-cloud" does not exist. Installing it now.install.go:192: [debug] Original chart version: "231.0.0"install.go:209: [debug] CHART PATH: C:\Users\fcadmin\AppData\Local\Temp\helm\repository\ifs-cloud-231.0.0.tgzclient.go:128: [debug] creating 169 resource(s)Error: NetworkPolicy.extensions "egress-env-database" is invalid: spec.egress[0].to[0].ipBlock.cidr: Invalid value: "<hostname>/32": not a valid CIDRhelm.go:84: [debug] NetworkPolicy.extensions "egress-env-database" is invalid: spec.egress[0].to[0].ipBlock.cidr: Invalid value: "<hostname>/32": not a valid CIDRSEVERE: Failed to install ifs-cloudAppreciate your support on this. Best Regards,Hashan

NetworkPolicy.extensions "egress-env-database" is invalid: spec.egress[0].to[0].ipBlock.cidr: Invalid value: "*hostname*/32": not a valid CIDR

Page 1 / 1

Hi Hashan,

I recently came across this issue as well. Please check your connection string to the database in ifscloud-values.yaml. It is probably a DNS name. Please change this to a static IP and retry.

Best regards, Ben

Hi @Ben Monroe,

Yeah, I used hostname and it was working in other environments. As you mentioned when I change it to IP address of the DB server it worked. Do you hav any sort of an idea what cause this issue? or is it a bug with 23R1?

Thank you very much for the support

Best Regards,
Hashan

Hi Hashan,

I was a little surprised by this as well as I know that using DNS in connections strings worked in earlier versions of IFS Cloud (and also IFS APP 9 and 10). It looks like some things have changed in 23R1. However, I am not able to say if this is by design or is a bug. If you require an answer, please feel free to open a support ticket and they will be able to confirm with development.(You can CC me on the ticket if you wish.)

Best regards, Ben

Thank you Ben. If I find anything I’ll update here.

Hi,

in 23r1 the ifscore.networkpolicy.enabled is enabled by default (can be disabled - but decreases the network security a bit)

When ifscore.networkpolicy.enabled is enabled the db host has to be an IP as networkPolicies in k8s can’t resolve hostnames.

https://docs.ifs.com/techdocs/23r1/070_remote_deploy/010_installing_fresh_system/200_installing_ifs_cloud/035_ifs_cloud_ifsinstaller/030_installation_parameters/#general_parameters

This change should be mentioned in the release notes… somewhere…

I’m very disappointed in this regression. DNS is a nonnegotiable requirement for managing an enterprise-grade network, and every exception that doesn’t use a FQDN adds complexity to the total configuration, requiring extra time or tribal knowledge to troubleshoot or change later.

What is the impact of setting ifscore.networkpolicy.enabled to false, in more specific technical language?

Where in the code stack is this happening? What might a good starting point be for developing a better workaround?

Hi all

If the environment is an Oracle RAC with three IP addresses, can I apply the same setting?
According to Oracle Documentation, an Oracle Net connect descriptor should be in the following format:

About Connecting to an Oracle RAC Database Using SCANs