Bug 1560586
| Summary: | [3.8] Semi automatic namespace wide egress IP randomly shows up as node IP | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Dan Winship <danw> |
| Component: | Networking | Assignee: | Casey Callendrello <cdc> |
| Networking sub component: | openshift-sdn | QA Contact: | zhaozhanqi <zzhao> |
| Status: | CLOSED EOL | Docs Contact: | |
| Severity: | high | ||
| Priority: | high | CC: | aos-bugs, bbennett, bmeng, danw, eparis, erich, tibrahim |
| Version: | 3.8.0 | ||
| Target Milestone: | --- | ||
| Target Release: | 3.8.z | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: The "kube-proxy" and "kubelet" parts of the OpenShift node process were being given different default values for the config options describing how to interact with iptables.
Consequence: OpenShift would periodically add a bogus iptables rule that would cause *some* per-project static egress IPs to not be used for some length of time, until the bogus rule was removed again. (While the bogus rule was present, traffic from those projects would use the node IP address of the node hosting the egress IP, rather than the egress IP itself.)
Fix: The inconsistent configuration was resolved, causing the bogus iptables rule to no longer be added.
Result: Projects consistently use their static egress IPs.
|
Story Points: | --- |
| Clone Of: | 1552869 | Environment: | |
| Last Closed: | 2019-12-05 22:01:44 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1552869 | ||
| Bug Blocks: | |||
|
Comment 1
Dan Winship
2018-03-26 16:39:17 UTC
Jumped to VERIFIED because the PR has landed, but we don't build 3.8 to QE. |