Bug 1560586 - [3.8] Semi automatic namespace wide egress IP randomly shows up as node IP
Summary: [3.8] Semi automatic namespace wide egress IP randomly shows up as node IP
Keywords:
Status: CLOSED EOL
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.8.0
Hardware: Unspecified
OS: Linux
high
high
Target Milestone: ---
: 3.8.z
Assignee: Casey Callendrello
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On: 1552869
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-03-26 13:45 UTC by Dan Winship
Modified: 2019-12-05 22:01 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The "kube-proxy" and "kubelet" parts of the OpenShift node process were being given different default values for the config options describing how to interact with iptables. Consequence: OpenShift would periodically add a bogus iptables rule that would cause *some* per-project static egress IPs to not be used for some length of time, until the bogus rule was removed again. (While the bogus rule was present, traffic from those projects would use the node IP address of the node hosting the egress IP, rather than the egress IP itself.) Fix: The inconsistent configuration was resolved, causing the bogus iptables rule to no longer be added. Result: Projects consistently use their static egress IPs.
Clone Of: 1552869
Environment:
Last Closed: 2019-12-05 22:01:44 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift ose pull 1160 0 None None None 2019-12-05 21:44:09 UTC

Comment 1 Dan Winship 2018-03-26 16:39:17 UTC 
https://github.com/openshift/ose/pull/1160
Comment 2 Ben Bennett 2018-12-07 16:26:38 UTC 
Jumped to VERIFIED because the PR has landed, but we don't build 3.8 to QE.
Note You need to log in before you can comment on or make changes to this bug.