
NetworkPolicy.extensions "egress-env-database" is invalid: spec.egress[0].to[0].ipBlock.cidr: Invalid value: "*hostname*/32": not a valid CIDR

  • 20 June 2023


Hi,

I am getting the following error in an upgrade (from App9 to IFSCloud 23R1). When the mtinstaller runs for the first time, I get the following error. It is something that comes up for the DB host IP CIDR value, but the IP range is the same as for another IFSCloud environment for the same customer.

[Tue Jun 20 02:02:29 CEST 2023] - SEVERE: NetworkPolicy.extensions "egress-env-database" is invalid: spec.egress[0].to[0].ipBlock.cidr: Invalid value: "<hostname>/32": not a valid CIDR
[Tue Jun 20 02:02:29 CEST 2023] - SEVERE: Failed to install ifs-cloud
[Tue Jun 20 02:02:29 CEST 2023] - SEVERE: Failed to install ifs-cloud. Collected logs from command:
"ifscloud" has been added to your repositories
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "ifscloud" chart repository
Update Complete. ⎈Happy Helming!⎈
INFO: Using chart ifscloud/ifs-cloud --version 231.0.0
INFO: Installing ifs-cloud
INFO: Running helm upgrade
history.go:56: [debug] getting history for release ifs-cloud
Release "ifs-cloud" does not exist. Installing it now.
install.go:192: [debug] Original chart version: "231.0.0"
install.go:209: [debug] CHART PATH: C:\Users\fcadmin\AppData\Local\Temp\helm\repository\ifs-cloud-231.0.0.tgz

client.go:128: [debug] creating 169 resource(s)
Error: NetworkPolicy.extensions "egress-env-database" is invalid: spec.egress[0].to[0].ipBlock.cidr: Invalid value: "<hostname>/32": not a valid CIDR
helm.go:84: [debug] NetworkPolicy.extensions "egress-env-database" is invalid: spec.egress[0].to[0].ipBlock.cidr: Invalid value: "<hostname>/32": not a valid CIDR
SEVERE: Failed to install ifs-cloud


Appreciate your support on this.
 

Best Regards,

Hashan


Best answer by Ben Monroe 20 June 2023, 02:57



Hi Hashan,

I recently came across this issue as well. Please check your connection string to the database in ifscloud-values.yaml. It is probably a DNS name. Please change this to a static IP and retry.

Best regards, Ben


Hi @Ben Monroe,

Yeah, I used the hostname and it was working in other environments. As you mentioned, when I changed it to the IP address of the DB server it worked. Do you have any idea what causes this issue? Or is it a bug with 23R1?

Thank you very much for the support 😊

Best Regards,
Hashan


Hi Hashan,

I was a little surprised by this as well, as I know that using DNS in connection strings worked in earlier versions of IFS Cloud (and also IFS APP 9 and 10). It looks like some things have changed in 23R1. However, I am not able to say if this is by design or is a bug. If you require an answer, please feel free to open a support ticket and they will be able to confirm with development. (You can CC me on the ticket if you wish.)

Best regards, Ben


Thank you Ben. If I find anything I’ll update here.


Hi,

In 23R1, ifscore.networkpolicy.enabled is enabled by default (it can be disabled, but that decreases the network security a bit).

When ifscore.networkpolicy.enabled is enabled the db host has to be an IP as networkPolicies in k8s can’t resolve hostnames.

https://docs.ifs.com/techdocs/23r1/070_remote_deploy/010_installing_fresh_system/200_installing_ifs_cloud/035_ifs_cloud_ifsinstaller/030_installation_parameters/#general_parameters

This change should be mentioned in the release notes… somewhere… 
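
A pre-flight check for the behaviour described in the reply above, as an added example that is not part of the thread and not IFS installer code: it rejects a database host value that is a name rather than an IP literal before "/32" is appended to it, as seen in the error message. The function names and sample hosts are assumptions, and Python's ipaddress module only approximates the API server's CIDR validation.

```python
import ipaddress

def is_valid_cidr(value: str) -> bool:
    """Approximate the ipBlock.cidr check: address/prefix only, no DNS names."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False

def db_host_to_cidr(host: str) -> str:
    """Turn a database host value into a single-address CIDR, or raise ValueError."""
    host = host.strip()
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        raise ValueError(
            f"{host!r} is a name, not an IP literal; "
            f'"{host}/32" would fail with "not a valid CIDR"'
        ) from None
    # IPv4 hosts need /32, IPv6 hosts need /128 to match exactly one address.
    return f"{addr}/{32 if addr.version == 4 else 128}"

def egress_fragment(host: str) -> list:
    """Build the spec.egress[0].to[0].ipBlock.cidr shape named in the error path."""
    return [{"to": [{"ipBlock": {"cidr": db_host_to_cidr(host)}}]}]

def preflight(hosts):
    """Check each candidate host value; return {host: (ok, cidr_or_reason)}."""
    report = {}
    for host in hosts:
        try:
            report[host] = (True, db_host_to_cidr(host))
        except ValueError as exc:
            report[host] = (False, str(exc))
    return report

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    samples = ["10.20.30.40", "db01.example.internal", "2001:db8::10"]
    for host, (ok, detail) in preflight(samples).items():
        print("OK  " if ok else "FAIL", host, "->", detail)
```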


I’m very disappointed in this regression. DNS is a nonnegotiable requirement for managing an enterprise-grade network, and every exception that doesn’t use a FQDN adds complexity to the total configuration, requiring extra time or tribal knowledge to troubleshoot or change later.

What is the impact of setting ifscore.networkpolicy.enabled to false, in more specific technical language?

Where in the code stack is this happening? What might a good starting point be for developing a better workaround?


Hi all

If the environment is an Oracle RAC with three IP addresses, can I apply the same setting?
According to Oracle Documentation, an Oracle Net connect descriptor should be in the following format:

About Connecting to an Oracle RAC Database Using SCANs

 

Best regards,

Feng


Hi @Ben Monroe 

 

Could you reply to my question below? Thanks!

Best regards

Feng
