Bug 1726045
Summary: | cannot access to the service's externalIP with egressIP in openshift-ovs-multitenant environment | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Min Woo Park <mpark> | |
Component: | Networking | Assignee: | Casey Callendrello <cdc> | |
Networking sub component: | openshift-sdn | QA Contact: | zhaozhanqi <zzhao> | |
Status: | CLOSED ERRATA | Docs Contact: | ||
Severity: | urgent | |||
Priority: | urgent | CC: | anusaxen, aos-bugs, zzhao | |
Version: | 3.11.0 | |||
Target Milestone: | --- | |||
Target Release: | 4.2.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | If docs needed, set a value | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1733429 1737386 (view as bug list) | Environment: | ||
Last Closed: | 2019-10-16 06:32:48 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1733429, 1737386 |
Comment 6
zhaozhanqi
2019-07-02 08:15:12 UTC
Hi, Any update for this? OK, should have a fix for this. Wound up being easier than I thought. master pr: https://github.com/openshift/origin/pull/23373 Master PR: https://github.com/openshift/sdn/pull/13 Will file backport PRs once this is VERIFIED. hi, Casey in 4.2. when I create service with 'externalip', it shows error "Forbidden: externalIPs have been disabled". I edit the 'networks.config.openshift.io' to add 'AllowedCIDRs: 10.73.0.0/14', see: spec: clusterNetwork: - cidr: 10.128.0.0/14 hostPrefix: 23 externalIP: policy: AllowedCIDRs: 10.73.0.0/14 networkType: OpenShiftSDN serviceNetwork: - 172.30.0.0/16 how to make the 'AllowedCIDRs: 10.73.0.0/14' take effect after I updated this? I answered this in chat as well, but capturing this here: allowedCIDRs needs to be lowercase-A and is an array. So it should look like spec: externalIP: policy: allowedCIDRs: - 10.73.0.0/14 Ah, interesting. It will work on freshly rebooted nodes. Looks like we need to clean up the old rule as well. New PR merged, please re-QE: https://github.com/openshift/sdn/pull/17 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2922 |