Bug 2079517

Summary: NodePort externalTrafficPolicy does not work for ovn-kubernetes
Product: OpenShift Container Platform Reporter: Miciah Dashiel Butler Masters <mmasters>
Component: Networking Assignee: Miciah Dashiel Butler Masters <mmasters>
Networking sub component: router QA Contact: Hongan Li <hongli>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: anbhat, anusaxen, aos-bugs, astoycos, bbennett, dcbw, djuran, mapandey, mateusz.bacal, mmasters, moddi, openshift-bugzilla-robot, palonsor, rupatel, suc, surya, vpickard, zzhao
Version: 4.6   
Target Milestone: ---   
Target Release: 4.9.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: On most cloud platforms, the ingress operator creates LoadBalancer-type services with "externalTrafficPolicy: Local" for ingress traffic. However, OVN-Kubernetes in OpenShift 4.9 does not implement "externalTrafficPolicy: Local".
Consequence: Usually, specifying "externalTrafficPolicy: Local" has no effect. However, some users report that it can cause imbalanced traffic over router pod replicas with some external load-balancers.
Fix: The ingress operator was changed to specify "externalTrafficPolicy: Cluster" when the cluster uses OVN-Kubernetes.
Result: Traffic should now be properly balanced across router pod replicas.
Story Points: ---
Clone Of: 2060542 Environment:
Last Closed: 2022-06-14 12:54:10 UTC Type: ---
Bug Depends On: 1903408    
Bug Blocks:    

Comment 1 Hongan Li 2022-06-06 03:44:32 UTC
verified with cluster-bot and test passed

# oc get clusterversion
NAME      VERSION                                                  AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.9.0-0.ci.test-2022-06-06-021116-ci-ln-tdkik1t-latest   True        False         57m     Cluster version is 4.9.0-0.ci.test-2022-06-06-021116-ci-ln-tdkik1t-latest

# oc get network cluster -oyaml
status:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  clusterNetworkMTU: 1360
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16


# oc -n openshift-ingress get svc/router-default -oyaml
spec:
  allocateLoadBalancerNodePorts: true
  clusterIP: 172.30.245.102
  clusterIPs:
  - 172.30.245.102
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
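
The check in Comment 1 covers only svc/router-default. The added example below (not part of the original comment or of the ingress operator's code) extends it to every NodePort and LoadBalancer service, listing those that still request "externalTrafficPolicy: Local" on an OVNKubernetes cluster. It assumes the 4.9 behaviour described in the Doc Text; the JSON is constructed sample input, and the demo/* services and the function names are hypothetical.

```python
import json

# Constructed sample input, trimmed to the fields the check reads. On a live
# cluster these would come from `oc get network cluster -o json` and
# `oc get svc -A -o json`; the demo/* services are hypothetical.
NETWORK_JSON = '{"status": {"networkType": "OVNKubernetes"}}'
SERVICES_JSON = """
{"items": [
  {"metadata": {"namespace": "openshift-ingress", "name": "router-default"},
   "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Cluster"}},
  {"metadata": {"namespace": "demo", "name": "web-nodeport"},
   "spec": {"type": "NodePort", "externalTrafficPolicy": "Local"}},
  {"metadata": {"namespace": "demo", "name": "api-lb"},
   "spec": {"type": "LoadBalancer"}},
  {"metadata": {"namespace": "demo", "name": "internal"},
   "spec": {"type": "ClusterIP"}}
]}
"""

# externalTrafficPolicy only applies to externally reachable service types.
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}


def network_type(network_doc):
    """Return status.networkType, or None when the field is absent."""
    return network_doc.get("status", {}).get("networkType")


def services_requesting_local(network_doc, service_list):
    """List namespace/name of services that set externalTrafficPolicy: Local
    on a cluster whose network type is OVNKubernetes."""
    if network_type(network_doc) != "OVNKubernetes":
        return []
    flagged = []
    for svc in service_list.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") not in EXTERNAL_TYPES:
            continue
        # An unset policy defaults to Cluster in Kubernetes.
        if spec.get("externalTrafficPolicy", "Cluster") == "Local":
            meta = svc["metadata"]
            flagged.append(f'{meta["namespace"]}/{meta["name"]}')
    return sorted(flagged)


def audit():
    """Run the check over the constructed sample input above."""
    return services_requesting_local(json.loads(NETWORK_JSON), json.loads(SERVICES_JSON))
```
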

Comment 6 errata-xmlrpc 2022-06-14 12:54:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.9.38 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:4973