Bug 1881882
Summary: | [RHCOS]Cannot access to the service's externalIP with egressIP from some pods | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | huirwang |
Component: | Networking | Assignee: | Patryk Diak <pdiak> |
Networking sub component: | openshift-sdn | QA Contact: | huirwang |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | medium | ||
Priority: | low | CC: | anbhat, bbennett, bpickard, pdiak, surya, vlaad, zzhao |
Version: | 4.6 | Keywords: | Reopened |
Target Milestone: | --- | ||
Target Release: | 4.8.z | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-09-14 20:38:55 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
huirwang
2020-09-23 10:03:19 UTC
*** This bug has been marked as a duplicate of bug 1762580 *** Public comment about reopening: This tracks specifically the issue in RHCOS. BZ1762580 fixes it for RHEL, which is good enough at the moment because nobody reported this issue on RHCOS. Is it correct for this to be high priority? To the best of my knowledge this isn't affecting any customer or QA Nobody has requested this to be fixed so I'm going to close it, please reopen it if necessary. Hi flaviof, I reproduced this issue on 4.11.0-0.nightly-2022-05-06-180112 which includes the PR https://github.com/openshift/ovn-kubernetes/pull/1078. This bug is a little similar as https://bugzilla.redhat.com/show_bug.cgi?id=2016534, the difference is that here with two namespace and it doesn't work. Please let me know when you need a reproducer and then I can prepare one. 1. ExternalIp svc and related pods oc get svc -n test NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-service1 ClusterIP 172.30.13.32 172.31.249.223 27018/TCP 36m oc get pods -n test -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES hello-pod-1 1/1 Running 0 36m 10.128.2.35 huirwang-0507b-qkg46-worker-vxv59 <none> <none> 2. Create another namespace and pods in it, patch egressip to namespace and a node oc get pods -n test-client -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES hello-pod 1/1 Running 0 25m 10.131.0.18 huirwang-0507b-qkg46-worker-qctkn <none> <none> oc get netnamespace test-client NAME NETID EGRESS IPS test-client 8373126 ["172.31.249.200"] $ oc get hostsubnet NAME HOST HOST IP SUBNET EGRESS CIDRS EGRESS IPS huirwang-0507b-qkg46-master-0 huirwang-0507b-qkg46-master-0 172.31.249.61 10.128.0.0/23 ["172.31.249.200"] huirwang-0507b-qkg46-master-1 huirwang-0507b-qkg46-master-1 172.31.249.223 10.130.0.0/23 huirwang-0507b-qkg46-master-2 huirwang-0507b-qkg46-master-2 172.31.249.54 10.129.0.0/23 huirwang-0507b-qkg46-worker-qctkn huirwang-0507b-qkg46-worker-qctkn 172.31.249.158 10.131.0.0/23 huirwang-0507b-qkg46-worker-vxv59 huirwang-0507b-qkg46-worker-vxv59 172.31.249.26 10.128.2.0/23 3. From pod hello-pod to access service hello-service1 with externalip oc rsh -n test-client hello-pod / # curl 172.31.249.223:27018 --connect-timeout 5 curl: (28) Connection timed out after 5001 milliseconds 4. Remove egressip from namespace test-client, then curl works. $oc patch netnamespace test-client --type=merge -p '{"egressIPs": []}' netnamespace.network.openshift.io/test-client patched $ oc rsh -n test-client hello-pod / # curl 172.31.249.223:27018 --connect-timeout 5 Hello OpenShift! / # Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.8.49 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:6308 |