Description of problem:
After deploying OCP 3.5 on OpenStack 10, it is required to set the following in the FORWARD chain for pod-to-pod communication between pods on different nodes:

ansible nodes -b -m shell -a 'iptables -I FORWARD -d 172.30.0.0/16 -i eth1 -j ACCEPT'

where 172.30.0.0/16 is the cluster or pod CIDR and eth1 is used by flannel.

Version-Release number of selected component (if applicable):
OpenShift 3.5 on OpenStack 10, VMs have RHEL version 7.3

How reproducible:
Always

Steps to Reproduce:
1. Deploy OpenShift 3.5 on OpenStack 10, VMs have RHEL version 7.3
2.
3.

Actual results:

Expected results:

Additional info:
The rule:

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

was also needed.
Ivan, can you work with the installer team to see how we can get the above rules added to the Ansible installer?
Created WIP Pull Request https://github.com/openshift/openshift-ansible/pull/5853
*** Bug 1490820 has been marked as a duplicate of this bug. ***
Tested with openshift-ansible-3.9.0-0.31.0.git.0.e0a0ad8.el7.noarch.rpm; the following iptables rules are added:

-A POSTROUTING -o eth0 -m comment --comment "Allow external network access" -j MASQUERADE
-A FORWARD -d 10.128.0.0/14 -i eth0 -m comment --comment "Pod to Pod communication" -j ACCEPT
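One way to confirm that a node carries both rules quoted in the test comment above, as an added example that is not part of the original bug report or of openshift-ansible. The function name check_flannel_rules and the sample iptables-save text are constructed for illustration; the two rule lines in the sample are the ones quoted in that comment.

```shell
#!/bin/sh
# Added example: verify the two flannel-related rules from this bug in
# iptables-save output. On a node: iptables-save | check_flannel_rules <pod_cidr> <iface>

# check_flannel_rules <pod_cidr> <iface>   (reads iptables-save text on stdin)
# Prints one line per missing rule; returns 0 only when both rules are present.
check_flannel_rules() {
    awk -v cidr="$1" -v ifc="$2" '
        # has(flag, val): the rule contains "flag val" as adjacent words
        function has(flag, val,   i) {
            for (i = 1; i < NF; i++)
                if ($i == flag && $(i + 1) == val) return 1
            return 0
        }
        # Table headers look like "*nat" or "*filter"
        /^\*/ { table = substr($0, 2); next }
        # Pod-to-pod: accept traffic to the pod CIDR arriving on the flannel interface
        table == "filter" && $1 == "-A" && $2 == "FORWARD" &&
            has("-d", cidr) && has("-i", ifc) && has("-j", "ACCEPT") { fwd = 1 }
        # External access: masquerade traffic leaving through the same interface
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" &&
            has("-o", ifc) && has("-j", "MASQUERADE") { masq = 1 }
        END {
            if (!fwd)  print "missing: filter FORWARD -d " cidr " -i " ifc " -j ACCEPT"
            if (!masq) print "missing: nat POSTROUTING -o " ifc " -j MASQUERADE"
            exit !(fwd && masq)
        }'
}

# Constructed sample in iptables-save format, wrapping the two rules from the comment above.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -m comment --comment "Allow external network access" -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 10.128.0.0/14 -i eth0 -m comment --comment "Pod to Pod communication" -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | check_flannel_rules 10.128.0.0/14 eth0 \
    && echo "both rules present"
```

The check is scoped to the pod CIDR and interface passed in, so a FORWARD rule for a different network or interface is reported as missing rather than accepted.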
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0489