Bug 1698210
| Summary: | Service type NodePort not exposing service on all nodes | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Anurag saxena <anusaxen> |
| Component: | Networking | Assignee: | Casey Callendrello <cdc> |
| Status: | CLOSED ERRATA | QA Contact: | Anurag saxena <anusaxen> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 4.1.0 | CC: | aos-bugs, bbennett, bmeng, jtanenba |
| Target Milestone: | --- | | |
| Target Release: | 4.1.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-06-04 10:47:18 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Anurag saxena
2019-04-09 19:56:17 UTC
Ok, further experiments tell me that it might be due to node to node network connectivity absence in 4.x. I am not able to ping one node from another node or vice versa. Is it a restriction on CoreOS on 4.x? Please advise.

Looks like an AWS security group issue, from the console I can see we only opened the port range from 30000 to 32767 for TCP protocol. Maybe we also need to open them for UDP.

To Anurag,
Can you help get the output about iptables and netstat for your udp node port?
E.g.,

```
iptables-save | grep 31963
netstat -lnpu | grep 31963
```

I think all the related entries should be there.

Yup, we need to open this range for UDP as well, I'll file a PR.

(In reply to Meng Bo from comment #2)
> Looks like an AWS security group issue, from the console I can see we only
> opened the port range from 30000 to 32767 for TCP protocol. Maybe we also
> need to open them for UDP.
>
> To Anurag,
> Can you help get the output about iptables and netstat for your udp node
> port?
> E.g.,
> iptables-save | grep 31963
> netstat -lnpu | grep 31963
>
> I think all the related entries should be there.

iptables-save entries seem to be correct

```
$ sudo iptables-save | grep 31326
-A KUBE-NODEPORTS -p udp -m comment --comment "test/udp-rc-ctsj7:" -m udp --dport 31326 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p udp -m comment --comment "test/udp-rc-ctsj7:" -m udp --dport 31326 -j KUBE-SVC-J5HIX5PZU2ZRSTD5
```

While netstat doesn't show the expected port range opened

```
$ netstat -lnpu | grep "Proto\|31326"
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp6       0      0 :::31326                :::*                                -
```

Will have to verify this on next good build. Not getting green build on 4.1 for 8 days. Thanks.

Verified on 4.1.0-0.nightly-2019-04-18-170154. Port range 30000-32767 is now allowed for UDP for NodePort services.
Test steps worked fine now as mentioned in description.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758
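
A check for the root cause found in this thread (NodePort range 30000-32767 open for TCP but not UDP in the AWS security group), as an added example that is not part of the original bug report or of the installer's code. It assumes input in the shape of `aws ec2 describe-security-groups` JSON; the sample data, the group ID `sg-EXAMPLE` and the function names are constructed for illustration, and rule sources (CIDRs, peer groups) are not evaluated.

```python
import json

NODEPORT_RANGE = (30000, 32767)  # NodePort range named in the bug thread

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# "sg-EXAMPLE" is a placeholder; the rules mimic the pre-fix state (TCP only).
SAMPLE_BEFORE_FIX = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 30000, "ToPort": 32767},
  {"IpProtocol": "udp", "FromPort": 4789, "ToPort": 4789}
]}]}
""")

def uncovered_ports(permissions, protocol, wanted=NODEPORT_RANGE):
    """Return the sub-ranges of `wanted` that no ingress rule opens for `protocol`.

    Assumption: any matching rule counts, whatever its source restriction.
    """
    spans = []
    for rule in permissions:
        if rule["IpProtocol"] == "-1":   # "-1" = all protocols, all ports
            return []
        if rule["IpProtocol"] == protocol:
            spans.append((rule["FromPort"], rule["ToPort"]))
    gaps, cursor = [], wanted[0]         # cursor = lowest port not yet covered
    for lo, hi in sorted(spans):
        if hi < cursor:
            continue                     # rule ends below the uncovered part
        if lo > wanted[1]:
            break                        # rule starts above the NodePort range
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = hi + 1
        if cursor > wanted[1]:
            break
    if cursor <= wanted[1]:
        gaps.append((cursor, wanted[1]))
    return gaps

def audit(describe_output):
    """Map (group id, protocol) to the NodePort sub-ranges left closed."""
    report = {}
    for group in describe_output["SecurityGroups"]:
        for protocol in ("tcp", "udp"):
            gaps = uncovered_ports(group["IpPermissions"], protocol)
            if gaps:
                report[(group["GroupId"], protocol)] = gaps
    return report

if __name__ == "__main__":
    for (group_id, proto), gaps in audit(SAMPLE_BEFORE_FIX).items():
        print(f"{group_id}: {proto} NodePort range not fully open, gaps: {gaps}")
```

An empty report for both protocols corresponds to the verified state described above, where the UDP range is allowed as well.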