Skip to main content
Solved

NetworkPolicy.extensions "egress-env-database" is invalid: spec.egress[0].to[0].ipBlock.cidr: Invalid value: "*hostname*/32": not a valid CIDR

H
Sidekick (Partner)
Forum|alt.badge.img+7
  • HashanD
  • Sidekick (Partner)
  • 49 replies

Hi,

I am getting following error in a upgrade (From App9 to IFSCloud 23R1). In the mtinstaller when runs for the frst time I get following error. its something comes for DB hot IP CIDR value. But the ip range same as for another IFSCloud environment for the same customer.

[Tue Jun 20 02:02:29 CEST 2023] - SEVERE: NetworkPolicy.extensions "egress-env-database" is invalid: spec.egress[0].to[0].ipBlock.cidr: Invalid value: "<hostname>/32": not a valid CIDR
[Tue Jun 20 02:02:29 CEST 2023] - SEVERE: Failed to install ifs-cloud
[Tue Jun 20 02:02:29 CEST 2023] - SEVERE: Failed to install ifs-cloud. Collected logs from command:
"ifscloud" has been added to your repositories
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "ifscloud" chart repository
Update Complete. ÔÄêHappy Helming!ÔÄê
INFO: Using chart ifscloud/ifs-cloud --version 231.0.0
INFO: Installing ifs-cloud
INFO: Running helm upgrade
history.go:56: [debug] getting history for release ifs-cloud
Release "ifs-cloud" does not exist. Installing it now.
install.go:192: [debug] Original chart version: "231.0.0"
install.go:209: [debug] CHART PATH: C:\Users\fcadmin\AppData\Local\Temp\helm\repository\ifs-cloud-231.0.0.tgz

client.go:128: [debug] creating 169 resource(s)
Error: NetworkPolicy.extensions "egress-env-database" is invalid: spec.egress[0].to[0].ipBlock.cidr: Invalid value: "<hostname>/32": not a valid CIDR
helm.go:84: [debug] NetworkPolicy.extensions "egress-env-database" is invalid: spec.egress[0].to[0].ipBlock.cidr: Invalid value: "<hostname>/32": not a valid CIDR
SEVERE: Failed to install ifs-cloud


Appreciate your support on this.
 

Best Regards,

Hashan

Best answer by Ben Monroe

Hi Hashan,

I recently came across this issue as well. Please check your connection string to the database in ifscloud-values.yaml. It is probably a DNS name. Please change this to a static IP and retry.

Best regards, Ben

View original
Best Regards, HashanD
Did this topic help you find an answer to your question?

9 replies

B
Superhero (Employee)
Forum|alt.badge.img+14
  • Ben Monroe
  • Superhero (Employee)
  • 159 replies
  • Answer
  • June 20, 2023

Hi Hashan,

I recently came across this issue as well. Please check your connection string to the database in ifscloud-values.yaml. It is probably a DNS name. Please change this to a static IP and retry.

Best regards, Ben

G
F
H
3 people like this
  • G
    gianni.neves
  • F
    feng
  • H
    HashanD
H
Sidekick (Partner)
Forum|alt.badge.img+7
  • HashanD
  • Author
  • Sidekick (Partner)
  • 49 replies
  • June 20, 2023

Hi @Ben Monroe,

Yeah, I used hostname and it was working in other environments. As you mentioned when I change it to IP address of the DB server it worked. Do you hav any sort of an idea what cause this issue? or is it a bug with 23R1?

Thank you very much for the support 😊

Best Regards,
Hashan

Best Regards, HashanD
B
1 person likes this
  • B
    Ben Monroe
B
Superhero (Employee)
Forum|alt.badge.img+14
  • Ben Monroe
  • Superhero (Employee)
  • 159 replies
  • June 20, 2023

Hi Hashan,

I was a little surprised by this as well as I know that using DNS in connections strings worked in earlier versions of IFS Cloud (and also IFS APP 9 and 10). It looks like some things have changed in 23R1. However, I am not able to say if this is by design or is a bug. If you require an answer, please feel free to open a support ticket and they will be able to confirm with development.(You can CC me on the ticket if you wish.)

Best regards, Ben

H
1 person likes this
  • H
    HashanD
H
Sidekick (Partner)
Forum|alt.badge.img+7
  • HashanD
  • Author
  • Sidekick (Partner)
  • 49 replies
  • June 20, 2023

Thank you Ben. If I find anything I’ll update here.

Best Regards, HashanD
B
1 person likes this
  • B
    Ben Monroe
H
Hero (Employee)
Forum|alt.badge.img+10
  • hhanse
  • Hero (Employee)
  • 175 replies
  • June 20, 2023

Hi,

in 23r1 the ifscore.networkpolicy.enabled is enabled by default (can be disabled - but decreases the network security a bit)

When ifscore.networkpolicy.enabled is enabled the db host has to be an IP as networkPolicies in k8s can’t resolve hostnames.

https://docs.ifs.com/techdocs/23r1/070_remote_deploy/010_installing_fresh_system/200_installing_ifs_cloud/035_ifs_cloud_ifsinstaller/030_installation_parameters/#general_parameters

This change should be mentioned in the release notes… somewhere… 

B
1 person likes this
  • B
    Ben Monroe
durette
Superhero (Customer)
Forum|alt.badge.img+19
  • durette
  • Superhero (Customer)
  • 525 replies
  • October 5, 2023

I’m very disappointed in this regression. DNS is a nonnegotiable requirement for managing an enterprise-grade network, and every exception that doesn’t use a FQDN adds complexity to the total configuration, requiring extra time or tribal knowledge to troubleshoot or change later.

What is the impact of setting ifscore.networkpolicy.enabled to false, in more specific technical language?

Where in the code stack is this happening? What might a good starting point be for developing a better workaround?

If you find this forum useful, please consider paying back to the community in your own areas of expertise. If you ask for help in a private message, please know that I will likely repost it as a forum question (with your personal details redacted) and answer it here. -- Kevin Durette - https://www.linkedin.com/in/kevindurette
F
Sidekick (Employee)
Forum|alt.badge.img+8
  • feng
  • Sidekick (Employee)
  • 48 replies
  • December 13, 2023

Hi all

If the environment is an Oracle RAC with three IP addresses, can I apply the same setting?
According to Oracle Documentation, an Oracle Net connect descriptor should be in the following format:

About Connecting to an Oracle RAC Database Using SCANs

 

Best regards,

Feng

F
Sidekick (Employee)
Forum|alt.badge.img+8
  • feng
  • Sidekick (Employee)
  • 48 replies
  • December 26, 2023

Hi @Ben Monroe 

 

Could you reply to my question as below. Thanks!

Best regards

Feng

S
1 person likes this
  • S
    sergev78
A
Do Gooder (Partner)
Forum|alt.badge.img+4
  • aNm
  • Do Gooder (Partner)
  • 15 replies
  • January 31, 2025
feng wrote:

Hi all

If the environment is an Oracle RAC with three IP addresses, can I apply the same setting?
According to Oracle Documentation, an Oracle Net connect descriptor should be in the following format:

About Connecting to an Oracle RAC Database Using SCANs

 

Best regards,

Feng

Hi, ​@feng 

Was you able to connect IFS Clout to Oracle RAC? I’ve got pretty similar issue

Thanks in advance

S
1 person likes this
  • S
    sergev78

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings