1726045 – cannot access to the service's externalIP with egressIP in openshift-ovs-multitenant environment

Bug 1726045 - cannot access to the service's externalIP with egressIP in openshift-ovs-multitenant environment

Summary: cannot access to the service's externalIP with egressIP in openshift-ovs-mult...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	3.11.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Target Release:	4.2.0
Assignee:	Casey Callendrello
QA Contact:	zhaozhanqi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1733429 1737386
TreeView+	depends on / blocked

Reported:	2019-07-02 06:33 UTC by Min Woo Park
Modified:	2023-12-15 16:35 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1733429 1737386 (view as bug list)
Environment:
Last Closed:	2019-10-16 06:32:48 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift sdn pull 13	0	'None'	closed	Bug 1726045: skip OPENSHIFT-MASQ for traffic already marked for masquerade	2021-01-15 05:46:04 UTC
Red Hat Product Errata	RHBA-2019:2922	0	None	None	None	2019-10-16 06:32:59 UTC

Comment 6 zhaozhanqi 2019-07-02 08:15:12 UTC

@weibin
Could you help this bug if can be reproduced? thanks.

Comment 7 Min Woo Park 2019-07-04 06:00:25 UTC

Hi,

Any update for this?

Comment 18 Casey Callendrello 2019-07-13 00:09:24 UTC

OK, should have a fix for this. Wound up being easier than I thought.

master pr: https://github.com/openshift/origin/pull/23373

Comment 19 Casey Callendrello 2019-07-24 12:48:56 UTC

Master PR: https://github.com/openshift/sdn/pull/13

Will file backport PRs once this is VERIFIED.

Comment 21 zhaozhanqi 2019-07-25 07:22:25 UTC

hi, Casey

in 4.2. when I create service with 'externalip', it shows error "Forbidden: externalIPs have been disabled".

I edit the 'networks.config.openshift.io' to add 'AllowedCIDRs: 10.73.0.0/14', see:

spec:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  externalIP:
    policy:
      AllowedCIDRs: 10.73.0.0/14
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16

how to make the 'AllowedCIDRs: 10.73.0.0/14' take effect after I updated this?

Comment 22 Casey Callendrello 2019-07-25 11:56:53 UTC

I answered this in chat as well, but capturing this here: allowedCIDRs needs to be lowercase-A and is an array. So it should look like
spec:
  externalIP:
    policy:
      allowedCIDRs:
      - 10.73.0.0/14

Comment 24 Casey Callendrello 2019-07-26 14:28:06 UTC

Ah, interesting. It will work on freshly rebooted nodes. Looks like we need to clean up the old rule as well.

Comment 25 Casey Callendrello 2019-07-29 12:05:11 UTC

New PR merged, please re-QE: https://github.com/openshift/sdn/pull/17

Comment 28 errata-xmlrpc 2019-10-16 06:32:48 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2922

Note You need to log in before you can comment on or make changes to this bug.