Bug 1570400
| Summary: | [3.7] DNS to local node vs. static egress IP | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Dan Winship <danw> |
| Component: | Networking | Assignee: | Dan Winship <danw> |
| Status: | CLOSED ERRATA | QA Contact: | Meng Bo <bmeng> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.7.1 | CC: | aos-bugs, bbennett |
| Target Milestone: | --- | ||
| Target Release: | 3.7.z | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: When using per-namespace static egress IPs, all external traffic is routed through the egress IP. "External" means all traffic which isn't directed to another pod, and so includes traffic from the pod to the pod's node.
Consequence: When pods are told to use the node's IP address for DNS, and the pod is using a static egress IP, then DNS traffic will be routed to the egress node first, and then back to the original node, which might be configured to not accept DNS requests from other hosts, causing the pod to be unable to resolve DNS.
Fix: pod-to-node DNS requests now bypass the egress IP and go directly to the node
Result: DNS works
|
Story Points: | --- |
| Clone Of: | 1570398 | Environment: | |
| Last Closed: | 2018-05-18 03:54:45 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1557924 | ||
| Bug Blocks: | |||
|
Comment 1
Dan Winship
2018-04-22 15:03:34 UTC
Tested on 3.7.46, with same step in https://bugzilla.redhat.com/show_bug.cgi?id=1570398#c5 The issue had been fixed. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1576 |