Bug 1633574

Summary: Should not assign the egressIP to node automatically if there are multiple egressIPs in the project
Product: OpenShift Container Platform Reporter: Meng Bo <bmeng>
Component: NetworkingAssignee: Dan Winship <danw>
Status: CLOSED ERRATA QA Contact: Meng Bo <bmeng>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.11.0CC: aos-bugs, cdc
Target Milestone: ---   
Target Release: 3.11.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-11-20 03:10:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Meng Bo 2018-09-27 10:13:53 UTC 
Description of problem:
Try to add multiple egressIPs to the netnamespace, the egressIPs will be distributed to the node which have egressCIDRs value can cover the egressIPs above.


Version-Release number of selected component (if applicable):
oc v3.11.16
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://qe-bmeng-311-master-etcd-nfs-1:8443
openshift v3.11.16
kubernetes v1.11.0+d4cacc0


How reproducible:
always

Steps to Reproduce:
1. Setup multi node cluster

2. Patch the egressCIDR to some nodes
# oc patch hostsubnet node1 -p '{"egressCIDRs":["172.16.123.96/27"]}'
# oc patch hostsubnet node2 -p '{"egressCIDRs":["172.16.123.96/27"]}'

3. Try to add multiple egressIPs which belong to the range above to existing project
# oc patch netnamespaces bmengp1 -p '{"egressIPs":["172.16.123.100","172.16.123.101"]}'

4. Check the egressIPs on the nodes

Actual results:
The egress IPs get assigned to the node automatically.
# oc get hostsubnet 
NAME                                  HOST                                  HOST IP         SUBNET          EGRESS CIDRS         EGRESS IPS
qe-bmeng-311-master-etcd-nfs-1        qe-bmeng-311-master-etcd-nfs-1        172.16.122.49   10.128.0.0/23   []                   []
qe-bmeng-311-node-1                   qe-bmeng-311-node-1                   172.16.122.53   10.130.0.0/23   [172.16.123.96/27]   [172.16.123.101]
qe-bmeng-311-node-2                   qe-bmeng-311-node-2                   172.16.122.54   10.129.0.0/23   [172.16.123.96/27]   [172.16.123.100]
qe-bmeng-311-node-registry-router-1   qe-bmeng-311-node-registry-router-1   172.16.122.52   10.131.0.0/23   []                   []

# oc get netnamespace bmengp1
NAME      NETID      EGRESS IPS
bmengp1   13783964   [172.16.123.100, 172.16.123.101]

Expected results:
Should not auto assign the egressIPs if there are multiple egressIPs value set to netnamespace

Additional info:
The PR has been merged to build 3.11.16
https://github.com/openshift/origin/pull/20971/
Comment 1 Dan Winship 2018-09-27 13:49:49 UTC 
Hrmph. It works in the unit test...

Anyway, this is just about preventing people from misusing the feature; it doesn't affect anything when the feature is used correctly, so it can wait until 3.11.z
Comment 2 Dan Winship 2018-09-27 15:28:05 UTC 
https://github.com/openshift/origin/pull/21122
Comment 4 Meng Bo 2018-11-06 07:04:10 UTC 
Tested on ocp v3.11.38

The issue has been fixed.

The egressIP will not be assigned automatically when the netnamespace has multiple egressIPs.
Comment 6 errata-xmlrpc 2018-11-20 03:10:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3537