Bug 1633574 - Should not assign the egressIP to node automatically if there are multiple egressIPs in the project
Summary: Should not assign the egressIP to node automatically if there are multiple eg...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 3.11.z
Assignee: Dan Winship
QA Contact: Meng Bo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-09-27 10:13 UTC by Meng Bo
Modified: 2018-11-20 03:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-11-20 03:10:43 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Origin (Github) 21122 0 None None None 2018-09-27 15:28:04 UTC
Red Hat Product Errata RHBA-2018:3537 0 None None None 2018-11-20 03:11:19 UTC

Description Meng Bo 2018-09-27 10:13:53 UTC 
Description of problem:
Try to add multiple egressIPs to the netnamespace, the egressIPs will be distributed to the node which have egressCIDRs value can cover the egressIPs above.


Version-Release number of selected component (if applicable):
oc v3.11.16
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://qe-bmeng-311-master-etcd-nfs-1:8443
openshift v3.11.16
kubernetes v1.11.0+d4cacc0


How reproducible:
always

Steps to Reproduce:
1. Setup multi node cluster

2. Patch the egressCIDR to some nodes
# oc patch hostsubnet node1 -p '{"egressCIDRs":["172.16.123.96/27"]}'
# oc patch hostsubnet node2 -p '{"egressCIDRs":["172.16.123.96/27"]}'

3. Try to add multiple egressIPs which belong to the range above to existing project
# oc patch netnamespaces bmengp1 -p '{"egressIPs":["172.16.123.100","172.16.123.101"]}'

4. Check the egressIPs on the nodes

Actual results:
The egress IPs get assigned to the node automatically.
# oc get hostsubnet 
NAME                                  HOST                                  HOST IP         SUBNET          EGRESS CIDRS         EGRESS IPS
qe-bmeng-311-master-etcd-nfs-1        qe-bmeng-311-master-etcd-nfs-1        172.16.122.49   10.128.0.0/23   []                   []
qe-bmeng-311-node-1                   qe-bmeng-311-node-1                   172.16.122.53   10.130.0.0/23   [172.16.123.96/27]   [172.16.123.101]
qe-bmeng-311-node-2                   qe-bmeng-311-node-2                   172.16.122.54   10.129.0.0/23   [172.16.123.96/27]   [172.16.123.100]
qe-bmeng-311-node-registry-router-1   qe-bmeng-311-node-registry-router-1   172.16.122.52   10.131.0.0/23   []                   []

# oc get netnamespace bmengp1
NAME      NETID      EGRESS IPS
bmengp1   13783964   [172.16.123.100, 172.16.123.101]

Expected results:
Should not auto assign the egressIPs if there are multiple egressIPs value set to netnamespace

Additional info:
The PR has been merged to build 3.11.16
https://github.com/openshift/origin/pull/20971/
Comment 1 Dan Winship 2018-09-27 13:49:49 UTC 
Hrmph. It works in the unit test...

Anyway, this is just about preventing people from misusing the feature; it doesn't affect anything when the feature is used correctly, so it can wait until 3.11.z
Comment 2 Dan Winship 2018-09-27 15:28:05 UTC 
https://github.com/openshift/origin/pull/21122
Comment 4 Meng Bo 2018-11-06 07:04:10 UTC 
Tested on ocp v3.11.38

The issue has been fixed.

The egressIP will not be assigned automatically when the netnamespace has multiple egressIPs.
Comment 6 errata-xmlrpc 2018-11-20 03:10:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3537
Note You need to log in before you can comment on or make changes to this bug.