Bug 2083041
| Summary: | Updating externalTrafficPolicy=cluster to externalTrafficPolicy=local doesn't work | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | huirwang |
| Component: | Networking | Assignee: | Surya Seetharaman <surya> |
| Networking sub component: | ovn-kubernetes | QA Contact: | huirwang |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | medium | CC: | surya |
| Version: | 4.10 | Keywords: | Triaged |
| Target Milestone: | --- | ||
| Target Release: | 4.12.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-01-17 19:48:48 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Comment 5
Surya Seetharaman
2022-09-15 12:55:24 UTC
Maybe I should add an upstream e2e about updating the ETP value. That might help catch this in CNI plugins if they aren't implemented.

https://github.com/ovn-org/ovn-kubernetes/pull/3164 posted.

Tested on AWS:

```
[surya@hidden-temple yaml_debugging]$ oc describe svc -n surya2
Name:                     hello-world-2
Namespace:                surya2
Labels:                   <none>
Annotations:              <none>
Selector:                 run=load-balancer-example-2
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       172.30.126.107
IPs:                      172.30.126.107
LoadBalancer Ingress:     blah.us-east-2.elb.amazonaws.com
Port:                     <unset>  80/TCP
TargetPort:               8080/TCP
NodePort:                 <unset>  32480/TCP
Endpoints:                10.128.2.4:8080
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason                Age   From                Message
  ----    ------                ----  ----                -------
  Normal  EnsuringLoadBalancer  51s   service-controller  Ensuring load balancer
  Normal  EnsuredLoadBalancer   47s   service-controller  Ensured load balancer

[surya@hidden-temple yaml_debugging]$ kubectl patch svc -n surya2 hello-world-2 -p '{"spec":{"externalTrafficPolicy":"Local"}}'
service/hello-world-2 patched

surya@hidden-temple yaml_debugging]$ oc describe svc -n surya2
Name:                     hello-world-2
Namespace:                surya2
Labels:                   <none>
Annotations:              <none>
Selector:                 run=load-balancer-example-2
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       172.30.126.107
IPs:                      172.30.126.107
LoadBalancer Ingress:     blah.us-east-2.elb.amazonaws.com
Port:                     <unset>  80/TCP
TargetPort:               8080/TCP
NodePort:                 <unset>  32480/TCP
Endpoints:                10.128.2.4:8080
Session Affinity:         None
External Traffic Policy:  Local
HealthCheck NodePort:     32161
Events:
  Type    Reason                 Age                From                Message
  ----    ------                 ----               ----                -------
  Normal  EnsuringLoadBalancer   27s (x2 over 93s)  service-controller  Ensuring load balancer
  Normal  ExternalTrafficPolicy  27s                service-controller  Cluster -> Local
  Normal  EnsuredLoadBalancer    26s (x2 over 89s)  service-controller  Ensured load balancer

$ oc rsh -c ovnkube-node-8wrpr -n openshift-ovn-kubernetes
error: pod, type/name or --filename must be specified

[surya@hidden-temple ovn-kubernetes]$ oc rsh -c ovnkube-node -n openshift-ovn-kubernetes ovnkube-node-8wrpr
sh-4.4# curl localhost:32161/healthz
{
  "service": {
    "namespace": "surya2",
    "name": "hello-world-2"
  },
  "localEndpoints": 1
}

[surya@hidden-temple yaml_debugging]$ kubectl patch svc -n surya2 hello-world-2 -p '{"spec":{"externalTrafficPolicy":"Cluster"}}'
service/hello-world-2 patched

[surya@hidden-temple yaml_debugging]$ oc describe svc -n surya2
Name:                     hello-world-2
Namespace:                surya2
Labels:                   <none>
Annotations:              <none>
Selector:                 run=load-balancer-example-2
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       172.30.126.107
IPs:                      172.30.126.107
LoadBalancer Ingress:     blah.us-east-2.elb.amazonaws.com
Port:                     <unset>  80/TCP
TargetPort:               8080/TCP
NodePort:                 <unset>  32480/TCP
Endpoints:                10.128.2.4:8080
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason                 Age                  From                Message
  ----    ------                 ----                 ----                -------
  Normal  ExternalTrafficPolicy  3m36s                service-controller  Cluster -> Local
  Normal  EnsuringLoadBalancer   7s (x3 over 4m42s)   service-controller  Ensuring load balancer
  Normal  ExternalTrafficPolicy  7s                   service-controller  Local -> Cluster
  Normal  EnsuredLoadBalancer    6s (x3 over 4m38s)   service-controller  Ensured load balancer

sh-4.4# curl localhost:32161/healthz
curl: (7) Failed to connect to localhost port 32161: Connection refused
sh-4.4#

$ curl blah.us-east-2.elb.amazonaws.com:80
Hello Kubernetes!

$ kubectl patch svc -n surya2 hello-world-2 -p '{"spec":{"externalTrafficPolicy":"Local"}}'
service/hello-world-2 patched

[surya@hidden-temple yaml_debugging]$ oc describe svc -n surya2
Name:                     hello-world-2
Namespace:                surya2
Labels:                   <none>
Annotations:              <none>
Selector:                 run=load-balancer-example-2
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       172.30.126.107
IPs:                      172.30.126.107
LoadBalancer Ingress:     blah.us-east-2.elb.amazonaws.com
Port:                     <unset>  80/TCP
TargetPort:               8080/TCP
NodePort:                 <unset>  32480/TCP
Endpoints:                10.128.2.4:8080
Session Affinity:         None
External Traffic Policy:  Local
HealthCheck NodePort:     31983
Events:
  Type    Reason                 Age                  From                Message
  ----    ------                 ----                 ----                -------
  Normal  ExternalTrafficPolicy  3m50s                service-controller  Local -> Cluster
  Normal  EnsuringLoadBalancer   6s (x4 over 8m25s)   service-controller  Ensuring load balancer
  Normal  ExternalTrafficPolicy  6s (x2 over 7m19s)   service-controller  Cluster -> Local
  Normal  EnsuredLoadBalancer    5s (x4 over 8m21s)   service-controller  Ensured load balancer

sh-4.4# curl localhost:31983/healthz
{
  "service": {
    "namespace": "surya2",
    "name": "hello-world-2"
  },
  "localEndpoints": 1
}

[surya@hidden-temple yaml_debugging]$ curl blah.us-east-2.elb.amazonaws.com:80
Hello Kubernetes!
```

Downstream merge to bring in the upstream commit is open: https://github.com/openshift/ovn-kubernetes/pull/1275/commits/4c7add6a642689b7429babf1761c13942c3a9577

Merged: https://github.com/openshift/ovn-kubernetes/pull/1289/commits/4c7add6a642689b7429babf1761c13942c3a9577

Since it's a bulk merge, manually moving state to MODIFIED.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399