Bug 1609112 - [EehJwaEa] Should clean the un-used egressIP when it was not being taken for a while
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
3.11.0
Unspecified Unspecified
medium Severity medium
: ---
: 3.11.0
Assigned To: Dan Winship
Meng Bo
: NeedsTestCase
Reported: 2018-07-26 23:16 EDT by Meng Bo
Modified: 2018-10-18 06:38 EDT
Last Closed: 2018-10-11 03:22:24 EDT
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Origin (Github) 20485 None None None 2018-08-29 08:53 EDT
Origin (Github) 20500 None None None 2018-08-01 10:22 EDT
Red Hat Product Errata RHBA-2018:2652 None None None 2018-10-11 03:22 EDT

Description Meng Bo 2018-07-26 23:16:12 EDT
Description of problem:
When a netnamespace uses an egressIP which is in the egressCIDRs range defined on the node, it will add the egressIP to the hostsubnet array. But it will never be removed. This will make the array have a lot of values which are not being used.

Version-Release number of selected component (if applicable):
v3.10.0-0.9.0

How reproducible:
always

Steps to Reproduce:
1. Set up an OCP cluster with the multitenant or networkpolicy plugin

2. Set the egressCIDRs range on any of the nodes
# oc patch hostsubnet node1 -p '{"egressCIDRs":["10.66.140.0/23"]}'

3. Create a project via user

4. Update the netnamespace's egressIP in a loop
# for i in `seq 1 20` ; do oc patch netnamespace u1p1 -p "{\"egressIPs\":[\"10.66.140.$i\"]}" ; done

5. Check the egressIPs value on the hostsubnet after a few minutes


Actual results:
It will have a large list of egressIPs which are not being used.

[root@ocp311-master ~]# oc get hostsubnet
NAME                        HOST                        HOST IP        SUBNET          EGRESS IPS
ocp311-master.bmeng.local   ocp311-master.bmeng.local   10.66.140.72   10.128.0.0/25   []
ocp311-node.bmeng.local     ocp311-node.bmeng.local     10.66.140.77   10.128.1.0/25   [10.66.140.20, 10.66.140.101, 10.66.140.200, 10.66.140.2, 10.66.140.5, 10.66.140.8, 10.66.140.9, 10.66.140.16, 10.66.140.18, 10.66.140.19, 10.66.140.100, 10.66.140.23, 10.66.140.1, 10.66.141.255, 10.66.140.4, 10.66.140.7, 10.66.140.11, 10.66.140.12, 10.66.140.77, 10.66.140.3, 10.66.140.6, 10.66.140.10, 10.66.140.13, 10.66.140.14, 10.66.140.15, 10.66.140.17]



Expected results:
Should clear the unused egressIPs right after the egressIP is unset, or after a fixed period.


Additional info:
Comment 1 Dan Winship 2018-07-31 10:43:43 EDT
(In reply to Meng Bo from comment #0)
> Version-Release number of selected component (if applicable):
> v3.10.0-0.9.0

3.10 doesn't have EgressCIDR support...
Comment 2 Meng Bo 2018-07-31 22:29:14 EDT
(In reply to Dan Winship from comment #1)
> (In reply to Meng Bo from comment #0)
> > Version-Release number of selected component (if applicable):
> > v3.10.0-0.9.0
> 
> 3.10 doesn't have EgressCIDR support...

Oh, sorry, it is a typo, should be 3.11.0-0.9.0
Comment 3 Dan Winship 2018-08-01 10:22:01 EDT
https://github.com/openshift/origin/pull/20500
Comment 4 Meng Bo 2018-08-20 05:11:57 EDT
PR has been merged in v3.11.0-0.15.0, move to ON_QA
Comment 5 Meng Bo 2018-08-21 07:14:48 EDT
Tested on v3.11.0-0.17.0

The egressIP on node will be cleaned when the value is updated on the netnamespace.
But when clearing the array from the netnamespace, it will still leave the last used IP in the hostsubnet.

[root@ocp311-master ~]# oc get hostsubnet
NAME                        HOST                        HOST IP        SUBNET          EGRESS IPS
ocp311-master.bmeng.local   ocp311-master.bmeng.local   10.66.140.72   10.128.0.0/25   []
ocp311-node.bmeng.local     ocp311-node.bmeng.local     10.66.140.77   10.128.1.0/25   [10.66.140.200]
[root@ocp311-master ~]# oc patch netnamespace bmengpp -p '{"egressIPs":["10.66.140.201"]}'
netnamespace.network.openshift.io/bmengpp patched
[root@ocp311-master ~]# oc get hostsubnet
NAME                        HOST                        HOST IP        SUBNET          EGRESS IPS
ocp311-master.bmeng.local   ocp311-master.bmeng.local   10.66.140.72   10.128.0.0/25   []
ocp311-node.bmeng.local     ocp311-node.bmeng.local     10.66.140.77   10.128.1.0/25   [10.66.140.201]
[root@ocp311-master ~]# oc patch netnamespace bmengpp -p '{"egressIPs":[]}'
netnamespace.network.openshift.io/bmengpp patched
[root@ocp311-master ~]# oc get hostsubnet
NAME                        HOST                        HOST IP        SUBNET          EGRESS IPS
ocp311-master.bmeng.local   ocp311-master.bmeng.local   10.66.140.72   10.128.0.0/25   []
ocp311-node.bmeng.local     ocp311-node.bmeng.local     10.66.140.77   10.128.1.0/25   [10.66.140.201]
Comment 6 Dan Winship 2018-08-21 13:16:54 EDT
https://github.com/openshift/origin/pull/20718
Comment 8 Meng Bo 2018-09-12 04:40:23 EDT
Tested on v3.11.0-0.32.0

Issue has been fixed.
Comment 10 errata-xmlrpc 2018-10-11 03:22:24 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652
