Bug 1725848

Summary: VM Created with wizard with masquerade Pod Networking NIC has unreachable ports with exposed services
Product: Container Native Virtualization (CNV) Reporter: Radim Hrazdil <rhrazdil>
Component: NetworkingAssignee: Dan Kenigsberg <danken>
Status: CLOSED CURRENTRELEASE QA Contact: Meni Yakove <myakove>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.0CC: aburden, bgaydos, cnv-qe-bugs, danken, fdeutsch, igulina, mcarleto, myakove, ncredi, pousley, tjelinek, ysegev
Target Milestone: ---   
Target Release: 2.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: cnv-2.1.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-11-04 15:05:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
exampleVM.yaml none

Description Radim Hrazdil 2019-07-01 14:45:43 UTC 
Created attachment 1586335 [details]
exampleVM.yaml

Description of problem:
When a VM is created with VM Wizard with 'Pod Networking' NIC in masquerade mode (which is the default one), then exposed NodePort service on such VM is not reachable.

service exposed as follows:
virtctl expose virtualmachine <vm name> --name <service-name> --port <unique port> --target-port 80 --type NodePort -n <namespace>


Version-Release number of selected component (if applicable):
HCO-33
kubevirt-web-ui-container-v2.0.0-14.8

How reproducible:
100%

Steps to Reproduce:
1. created the example VM with masquerade Pod Networking NIC
2. Expose a service on the VM
3. try to connect to the service port, for example run SimpleHTTPServer on the VM and try to access it through the node port with wget

Actual results:
connection cannot be established

Expected results:


Additional info:
To w/a the issue, add  'ports' to the VM yaml
- masquerade: {}
  name: testmasquerade
  ports:
    - name: http
      port: 80
      protocol: TCP

Using 'Bridge' method instead of 'masquerade' works as expected.

A fix exists https://github.com/kubevirt/kubevirt/pull/2331, however hasn't been backported to 2.0.
Comment 2 Dan Kenigsberg 2019-07-01 15:23:41 UTC 
You are correct on all terms.
This is tracked in https://jira.coreos.com/browse/KNIP-241

Note that there is another juicy point: masquerade does not work at all with OKD-4.1.
Comment 7 Dan Kenigsberg 2019-07-09 17:09:05 UTC 
It is my own fault, but we are confusing two things here. One is that via GUI, one cannot define a VM that serves a TCP port. This bug is about this issue, and it going to be fixed in cnv-2.1.

There is a much more serious issue https://github.com/kubevirt/kubevirt/issues/2400 that masquerade does not work at all on recent RHCOS8 builds. I would like to fix this ASAP (cnv-2.0.1?)

I confirm that both issues would be release-noted:

Due to https://github.com/kubevirt/kubevirt/issues/2400 one cannot reliably attach the default (Pod) network to a VM.
Comment 8 Bob Gaydos 2019-07-09 21:15:59 UTC 
Created PR: https://github.com/openshift/openshift-docs/pull/15805
Comment 9 Bob Gaydos 2019-07-11 13:09:31 UTC 
These changes can be reviewed in https://github.com/openshift/openshift-docs/pull/15805.

Will hold off on merging until we get the issue re: https://bugzilla.redhat.com/show_bug.cgi?id=1722419 resolved (PR contains multiple Release Notes additions).

Thanks,

Bob
Comment 10 Bob Gaydos 2019-07-11 13:47:50 UTC 
Hi Everyone,

Vikram has given the go-ahead to merge this PR. 

Here is a link to the test build: http://file.bos.redhat.com/bgaydos/071119/cnv/cnv_release_notes/cnv-release-notes.html

Note that this content also contains the note for https://bugzilla.redhat.com/show_bug.cgi?id=1722419 requested by Tomas and approved by Vikram.

Putting on_qa along with https://bugzilla.redhat.com/show_bug.cgi?id=1722419.

Thanks,

Bob
Comment 19 Sebastian Scheinkman 2019-08-07 11:16:41 UTC 
Dan I think now that we manage to merged the "forward all port into the vm if no port was configured"

This issue can wait for 2.2 what you think?
Comment 21 Dan Kenigsberg 2019-08-07 12:17:48 UTC 
In the context of this bug, our changed the default of forwarding all ports into the VM is good enough.
The fix is merged https://github.com/kubevirt/kubevirt/pull/2331 and would be available in cnv-2.1.