Bug 1957039
| Summary: | Physical VIP for pod -> Svc -> Host is incorrectly set to an IP of 169.254.169.2 for Local GW | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Andrew Stoycos <astoycos> |
| Component: | Networking | Assignee: | Andrew Stoycos <astoycos> |
| Networking sub component: | ovn-kubernetes | QA Contact: | Anurag saxena <anusaxen> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | ||
| Priority: | high | ||
| Version: | 4.8 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-07-27 23:06:17 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438 |
Description of problem: In Local GW when a nodeport svc is backed by a host networked pod the incorrect backed IP is used in the gateway_router LB _uuid : c3617307-f109-4d2e-9c2d-704166ffd970 external_ids : {TCP_lb_gateway_router=GR_ovn-worker} health_check : [] ip_port_mappings : {} name : "" options : {} protocol : tcp selection_fields : [] vips : {"172.18.0.2:30080"="10.244.0.4:8080", "172.18.0.2:30081"="169.254.169.2:8081"} Specifically when the traffic from a pod on the same node sends traffic to the SVC it should DNAT to 172.18.0.2:8081 not the "special" masquerade IP Version-Release number of selected component (if applicable): This is a problem in Master and 4.8 that was most likely introduced during the switch to shared GW as the default topology, so it is not yet clear weather the bug affects versions prior to 4.8 How reproducible: Always