Bug 2035439
Summary: | SDN Automatic assignment EgressIP on GCP returned node IP address not egressIP address | | |
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | jechen <jechen> |
Component: | Networking | Assignee: | Patryk Diak <pdiak> |
Networking sub component: | openshift-sdn | QA Contact: | jechen <jechen> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | high | | |
Priority: | unspecified | CC: | ffernand, huirwang, mifiedle, pdiak |
Version: | 4.10 | Keywords: | TestBlocker |
Target Milestone: | --- | Flags: | pdiak: needinfo- |
Target Release: | 4.10.0 | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2022-03-12 04:40:05 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
jechen
2021-12-24 03:35:18 UTC
Manual egressIP assignment with OpenShift-SDN cluster on GCP is having same problem.

@jechen I have made changes to the PR. Please let me know if the issue still occurs and if so share the reproduction steps.

@pdiak In order to test your PR pre-merged, I have to use cluster-bot to build a cluster, but the cluster-bot does not give me an external VM instance where I can install ipecho service to verify egressIP. Normally, I use Jenkins to build a GCP cluster, and I specify an external VM instance being built along with the cluster by Jenkins. Then I install ipecho service on the external VM instance. I am not able to figure out a way to have cluster-bot not only build me a cluster, but also build me an external VM instance. I think I will have to wait till the PR is merged before I can test the PR.

Verified in 4.10.0-0.nightly-2022-01-15-092722

```
$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.10.0-0.nightly-2022-01-15-092722   True        False         10m     Cluster version is 4.10.0-0.nightly-2022-01-15-092722

$ oc get node
NAME                                                        STATUS   ROLES    AGE   VERSION
jechen-0115d-zmlrk-master-0.c.openshift-qe.internal         Ready    master   30m   v1.23.0+60f5a1c
jechen-0115d-zmlrk-master-1.c.openshift-qe.internal         Ready    master   30m   v1.23.0+60f5a1c
jechen-0115d-zmlrk-master-2.c.openshift-qe.internal         Ready    master   30m   v1.23.0+60f5a1c
jechen-0115d-zmlrk-worker-a-khvzf.c.openshift-qe.internal   Ready    worker   20m   v1.23.0+60f5a1c
jechen-0115d-zmlrk-worker-b-4pf7t.c.openshift-qe.internal   Ready    worker   20m   v1.23.0+60f5a1c

$ oc patch hostsubnet jechen-0115d-zmlrk-worker-a-khvzf.c.openshift-qe.internal --type=merge -p '{"egressCIDRs":["10.0.128.0/17"]}'
hostsubnet.network.openshift.io/jechen-0115d-zmlrk-worker-a-khvzf.c.openshift-qe.internal patched

$ oc new-project test
Now using project "test" on server "https://api.jechen-0115d.qe.gcp.devcluster.openshift.com:6443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app rails-postgresql-example

to build a new example application in Ruby. Or use kubectl to deploy a simple Kubernetes application:

    kubectl create deployment hello-node --image=k8s.gcr.io/e2e-test-images/agnhost:2.33 -- /agnhost serve-hostname

$ oc patch netnamespace test --type=merge -p '{"egressIPs":["10.0.128.101"]}'
netnamespace.network.openshift.io/test patched

$ oc get hostsubnet
NAME                                                        HOST                                                        HOST IP      SUBNET          EGRESS CIDRS        EGRESS IPS
jechen-0115d-zmlrk-master-0.c.openshift-qe.internal         jechen-0115d-zmlrk-master-0.c.openshift-qe.internal         10.0.0.5     10.129.0.0/23
jechen-0115d-zmlrk-master-1.c.openshift-qe.internal         jechen-0115d-zmlrk-master-1.c.openshift-qe.internal         10.0.0.6     10.130.0.0/23
jechen-0115d-zmlrk-master-2.c.openshift-qe.internal         jechen-0115d-zmlrk-master-2.c.openshift-qe.internal         10.0.0.7     10.128.0.0/23
jechen-0115d-zmlrk-worker-a-khvzf.c.openshift-qe.internal   jechen-0115d-zmlrk-worker-a-khvzf.c.openshift-qe.internal   10.0.128.2   10.131.0.0/23   ["10.0.128.0/17"]   ["10.0.128.101"]
jechen-0115d-zmlrk-worker-b-4pf7t.c.openshift-qe.internal   jechen-0115d-zmlrk-worker-b-4pf7t.c.openshift-qe.internal   10.0.128.3   10.128.2.0/23

# create test project and test pods
$ oc create -f ./verification-tests/testdata/networking/list_for_pods.json
replicationcontroller/test-rc created
service/test-service created

$ oc get pod
NAME            READY   STATUS    RESTARTS   AGE
test-rc-7m5bh   1/1     Running   0          9m18s
test-rc-hv69h   1/1     Running   0          9m18s

#curl the ip echo service from inside of test pod
$ oc rsh test-rc-7m5bh
~ $ curl 10.0.0.2:8888
10.0.128.101~ $    <----- egressIP address is returned correctly
$ exit

# remove the egressIP, then curl the ip echo service from inside of test pods
$ oc patch netnamespace test --type=merge -p '{"egressIPs":[]}'
netnamespace.network.openshift.io/test patched

$ oc rsh test-rc-7m5bh
~ $ curl 10.0.0.2:8888
10.0.128.3~ $
~ $ exit

$ oc rsh test-rc-hv69h
~ $ curl 10.0.0.2:8888
10.0.128.2~ $
~ $ exit

# added egressIP back, curl ip echo service from inside of test pods
$ oc patch netnamespace test --type=merge -p '{"egressIPs":["10.0.128.101"]}'
netnamespace.network.openshift.io/test patched

$ oc rsh test-rc-7m5bh
~ $ curl 10.0.0.2:8888
10.0.128.101~ $    <----- egressIP address is returned correctly
~ $ exit

$ oc rsh test-rc-hv69h
~ $ curl 10.0.0.2:8888
10.0.128.101~ $    <----- egressIP address is returned correctly
~ $ exit
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056
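
The manual check in the verification above compares the address the ipecho service reports with the namespace's egressIP. The following shell script automates that comparison; it is an added example, not part of the original bug report or the OpenShift code base. Function names are hypothetical, the addresses are the ones from the log, and `10.0.0.9` is a constructed value.

```sh
#!/bin/sh
# Added example (not from the bug report). Addresses are the ones in the log
# above, except 10.0.0.9, which is constructed. Function names are hypothetical.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if IPv4 address $1 lies inside CIDR $2.
in_cidr() {
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "${2%/*}") & $mask )) ]
}

# Succeed if $1 is a member of the space-separated list $2.
in_list() {
  for item in $2; do [ "$item" = "$1" ] && return 0; done
  return 1
}

# classify_source OBSERVED "EGRESS_IPS" "NODE_IPS" EGRESS_CIDR
classify_source() {
  if in_list "$1" "$2"; then
    if in_cidr "$1" "$4"; then echo egress-ok; else echo egress-outside-cidr; fi
  elif in_list "$1" "$3"; then
    echo node-ip-leak          # the failure this bug describes
  else
    echo unexpected-source
  fi
}

# Live use (assumption: curl exists in the pod image): observed_from_pod POD URL
observed_from_pod() { oc exec "$1" -- curl -s "$2"; }

EGRESS_IPS="10.0.128.101"
NODE_IPS="10.0.128.2 10.0.128.3"
EGRESS_CIDR="10.0.128.0/17"
for seen in 10.0.128.101 10.0.128.3 10.0.0.9; do
  printf '%s -> %s\n' "$seen" \
    "$(classify_source "$seen" "$EGRESS_IPS" "$NODE_IPS" "$EGRESS_CIDR")"
done
```

A `node-ip-leak` result for a namespace that has an egressIP set means external allow-lists keyed on that egressIP no longer match the traffic actually leaving the cluster.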