Bug 1641647 - kuryr-controller cannot access OpenShift API LB members with OVN if running on master nodes
Summary: kuryr-controller cannot access OpenShift API LB members with OVN if running o...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 3.11.z
Assignee: Luis Tomas Bolivar
QA Contact: Jon Uriarte
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-10-22 12:38 UTC by Luis Tomas Bolivar
Modified: 2019-09-24 08:08 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: When using OVN, LoadBalancer members cannot access themselves through the LoadBalancer VIP. Consequence: If kuryr-controller pod (which uses host-networking) is running on a master node (where the OpenShift API is running), then the kuryr-controller cannot access the OpenShift API Fix: Forces kuryr-controller to be on infra nodes
Clone Of:
Environment:
Last Closed: 2019-09-24 08:08:08 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift openshift-ansible pull 10469 0 'None' closed Ensure Kuryr-controller runs on infra nodes 2021-01-21 13:17:27 UTC
Github openshift openshift-ansible pull 10554 0 'None' closed [release-3.11] Ensure Kuryr-controller runs on infra nodes 2021-01-21 13:18:08 UTC
Red Hat Product Errata RHBA-2019:2816 0 None None None 2019-09-24 08:08:18 UTC

Description Luis Tomas Bolivar 2018-10-22 12:38:46 UTC 
When using OVN, LoadBalancer members cannot access themselves through the LoadBalancer VIP. Thus, if kuryr-controller pod (which uses host-networking) is running on a master node (where the OpenShift API is running), then the kuryr-controller cannot access the OpenShift API
Comment 9 Jon Uriarte 2019-08-27 13:38:27 UTC 
Verified on openshift-ansible-3.11.141 on top of OSP 13 2019-06-25.1 puddle.

Kuryr-controller pod runs on an infra node:

[openshift@master-0 ~]$ oc get pods -n kuryr -o wide
NAME                                READY     STATUS    RESTARTS   AGE       IP              NODE                                 NOMINATED NODE
kuryr-cni-ds-6h8q2                  2/2       Running   1          2h        192.168.99.16   master-0.openshift.example.com       <none>
kuryr-cni-ds-gnr79                  2/2       Running   1          2h        192.168.99.7    infra-node-2.openshift.example.com   <none>
kuryr-cni-ds-j9pcr                  2/2       Running   0          2h        192.168.99.14   app-node-1.openshift.example.com     <none>
kuryr-cni-ds-n4klv                  2/2       Running   0          2h        192.168.99.6    app-node-0.openshift.example.com     <none>
kuryr-cni-ds-sks7m                  2/2       Running   1          2h        192.168.99.9    master-1.openshift.example.com       <none>
kuryr-cni-ds-tcvk8                  2/2       Running   0          2h        192.168.99.30   infra-node-0.openshift.example.com   <none>
kuryr-cni-ds-x6f66                  2/2       Running   2          2h        192.168.99.23   master-2.openshift.example.com       <none>
kuryr-cni-ds-zg5j2                  2/2       Running   0          2h        192.168.99.12   infra-node-1.openshift.example.com   <none>
kuryr-controller-7cf75d55c9-fnq9q   1/1       Running   3          2h        192.168.99.7    infra-node-2.openshift.example.com   <none>
Comment 11 errata-xmlrpc 2019-09-24 08:08:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2816
Note You need to log in before you can comment on or make changes to this bug.