New CIDR Block from Network Graph is not visible in RHACS in RHOCP 4
Environment
- Red Hat OpenShift Container Platform 4
- Red Hat Advanced Cluster Security 3
Issue
- After creating the new CIDR block 10.129.1.0/24 in Network Graph, when a curl command is executed from inside the pod, the block is not displayed on the network graph.
# curl -kv https://10.129.1.120
- Here, 10.129.1.0/24 is a subnet for OpenShift Container Platform.
Resolution
- Confirm that no environment-specific firewall or proxy is configured that could be blocking the new CIDR block.
- Add the new CIDR block following the official guide.
Root Cause
- As mentioned in the official documentation, if auto-discovered CIDR blocks are marked hidden from the GUI (on the top bar in the Network Graph view), they are automatically hidden for all clusters and not only for the selected cluster.
- Check whether the pod IP and service IP are reachable from the worker node's physical interface.
- Execute the command below from the OCP node to verify whether ARP requests can be sent and whether there is any response to them:
$ arping -I physical_interface_of_node destination_IP
Diagnostic Steps
- Create CIDR blocks as described in the official documentation.
- Verify that the above CIDR belongs to the OpenShift subnet in which the Pods/Deployments are running.
- For example, if the pod's IP is 10.129.1.120, then create a CIDR block in the Network Graph of the StackRox dashboard with subnet 10.129.1.0/24.
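One way to carry out the subnet check in the diagnostic steps above from a shell, as an added example that is not part of the Red Hat article: it tests each pod IP against the CIDR block before the block is created in Network Graph. The function names, pod names and the two extra IPs are constructed for illustration; 10.129.1.120 and 10.129.1.0/24 are the article's values.

```shell
#!/bin/sh
# Added example, not from the Red Hat article. Pod names and the two extra
# IPs in SAMPLE_PODS are constructed; 10.129.1.120 and 10.129.1.0/24 are the
# article's values.

# Convert a dotted-quad IPv4 address to an integer; return 1 if malformed.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Return 0 if IP ($1) lies inside CIDR ($2), 1 if not, 2 on bad input.
ip_in_cidr() {
    net=${2%/*}; bits=${2#*/}
    case $bits in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    ip_n=$(ip_to_int "$1") || return 2
    net_n=$(ip_to_int "$net") || return 2
    if [ "$bits" -eq 0 ]; then mask=0
    else mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF )); fi
    [ $(( ip_n & mask )) -eq $(( net_n & mask )) ]
}

# stdin: "<pod-name> <pod-ip>" per line; prints pods inside CIDR block $1.
# On a cluster such lines can come from:
#   oc get pods -A --no-headers -o custom-columns=NAME:.metadata.name,IP:.status.podIP
pods_in_block() {
    while read -r name ip; do
        if ip_in_cidr "$ip" "$1"; then echo "$name"; fi
    done
}

SAMPLE_PODS='frontend-7c9d 10.129.1.120
backend-5f6b 10.129.2.15
db-0 10.128.0.7'

printf '%s\n' "$SAMPLE_PODS" | pods_in_block 10.129.1.0/24
```

Pods without an assigned IP are skipped because `ip_in_cidr` returns 2 for input that is not a valid IPv4 address.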