Description of problem: Try to add multiple egressIPs to the netnamespace, the egressIPs will be distributed to the node which have egressCIDRs value can cover the egressIPs above. Version-Release number of selected component (if applicable): oc v3.11.16 kubernetes v1.11.0+d4cacc0 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://qe-bmeng-311-master-etcd-nfs-1:8443 openshift v3.11.16 kubernetes v1.11.0+d4cacc0 How reproducible: always Steps to Reproduce: 1. Setup multi node cluster 2. Patch the egressCIDR to some nodes # oc patch hostsubnet node1 -p '{"egressCIDRs":["172.16.123.96/27"]}' # oc patch hostsubnet node2 -p '{"egressCIDRs":["172.16.123.96/27"]}' 3. Try to add multiple egressIPs which belong to the range above to existing project # oc patch netnamespaces bmengp1 -p '{"egressIPs":["172.16.123.100","172.16.123.101"]}' 4. Check the egressIPs on the nodes Actual results: The egress IPs get assigned to the node automatically. # oc get hostsubnet NAME HOST HOST IP SUBNET EGRESS CIDRS EGRESS IPS qe-bmeng-311-master-etcd-nfs-1 qe-bmeng-311-master-etcd-nfs-1 172.16.122.49 10.128.0.0/23 [] [] qe-bmeng-311-node-1 qe-bmeng-311-node-1 172.16.122.53 10.130.0.0/23 [172.16.123.96/27] [172.16.123.101] qe-bmeng-311-node-2 qe-bmeng-311-node-2 172.16.122.54 10.129.0.0/23 [172.16.123.96/27] [172.16.123.100] qe-bmeng-311-node-registry-router-1 qe-bmeng-311-node-registry-router-1 172.16.122.52 10.131.0.0/23 [] [] # oc get netnamespace bmengp1 NAME NETID EGRESS IPS bmengp1 13783964 [172.16.123.100, 172.16.123.101] Expected results: Should not auto assign the egressIPs if there are multiple egressIPs value set to netnamespace Additional info: The PR has been merged to build 3.11.16 https://github.com/openshift/origin/pull/20971/
Hrmph. It works in the unit test... Anyway, this is just about preventing people from misusing the feature; it doesn't affect anything when the feature is used correctly, so it can wait until 3.11.z
https://github.com/openshift/origin/pull/21122
Tested on ocp v3.11.38 The issue has been fixed. The egressIP will not be assigned automatically when the netnamespace has multiple egressIPs.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3537