Bug 1908782
| Summary: | Unable to create IPsec-enabled cluster on GCP platform | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Mark Gray <mark.d.gray> |
| Component: | Networking | Assignee: | Mark Gray <mark.d.gray> |
| Networking sub component: | ovn-kubernetes | QA Contact: | Anurag saxena <anusaxen> |
| Status: | CLOSED CURRENTRELEASE | Docs Contact: | |
| Severity: | urgent | ||
| Priority: | urgent | CC: | bbennett, mstaeble, zzhao |
| Version: | 4.7 | Keywords: | TestBlocker |
| Target Milestone: | --- | ||
| Target Release: | 4.7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-02-08 17:19:25 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I deployed a cluster without enabling IPsec and tried to send ESP traffic between nodes. I was unable to do this which suggests that ESP traffic is being blocked. This is probably requires firewall rules to enable IKE, ESP and Nat-t traffic. @anurag, I guess this issue should be fixed according to above comment. could you help double confirm this? Changes were made for the IPI installation path but not for the UPI installation path. Similar changes need to be made for UPI as well. |
Description of problem: When IPsec feature is enabled and a cluster installed on GCP, the cluster does start correctly giving connectivity errors across multiple components as many operators are unavailable. Version-Release number of selected component (if applicable): 4.7 How reproducible: Always Steps to Reproduce: 1. Start cluster using GCP installer with a configuration such as: spec: defaultNetwork: type: OVNKubernetes ovnKubernetesConfig: ipsecConfig: {} Actual results: * Cluster fails to start Expected results: * Cluster start correctly Additional info: