Bug 1726045 - cannot access to the service's externalIP with egressIP in openshift-ovs-multitenant environment
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
Priority: urgent
Severity: urgent
Target Milestone: ---
Target Release: 4.2.0
Assignee: Casey Callendrello
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On:
Blocks: 1733429 1737386
 
Reported: 2019-07-02 06:33 UTC by Min Woo Park
Modified: 2019-10-23 19:24 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1733429 1737386 (view as bug list)
Environment:
Last Closed: 2019-10-16 06:32:48 UTC
Target Upstream Version:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift sdn pull 13 | 0 | 'None' | closed | Bug 1726045: skip OPENSHIFT-MASQ for traffic already marked for masquerade | 2021-01-15 05:46:04 UTC
Red Hat Product Errata | RHBA-2019:2922 | 0 | None | None | None | 2019-10-16 06:32:59 UTC

Comment 6 zhaozhanqi 2019-07-02 08:15:12 UTC
@weibin
Could you help check if this bug can be reproduced? Thanks.

Comment 7 Min Woo Park 2019-07-04 06:00:25 UTC
Hi,

Any update for this?

Comment 18 Casey Callendrello 2019-07-13 00:09:24 UTC
OK, should have a fix for this. Wound up being easier than I thought.

master pr: https://github.com/openshift/origin/pull/23373

Comment 19 Casey Callendrello 2019-07-24 12:48:56 UTC
Master PR: https://github.com/openshift/sdn/pull/13

Will file backport PRs once this is VERIFIED.

Comment 21 zhaozhanqi 2019-07-25 07:22:25 UTC
Hi Casey,

In 4.2, when I create a service with 'externalip', it shows the error "Forbidden: externalIPs have been disabled".

I edited the 'networks.config.openshift.io' to add 'AllowedCIDRs: 10.73.0.0/14', see:

spec:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  externalIP:
    policy:
      AllowedCIDRs: 10.73.0.0/14
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16

How do I make the 'AllowedCIDRs: 10.73.0.0/14' take effect after I updated this?

Comment 22 Casey Callendrello 2019-07-25 11:56:53 UTC
I answered this in chat as well, but capturing this here: allowedCIDRs needs to be lowercase-A and is an array. So it should look like:
spec:
  externalIP:
    policy:
      allowedCIDRs:
      - 10.73.0.0/14
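
Added example, not part of the original thread and not OpenShift code: a Python check that applies the two corrections from comment 22 (key spelling, list type) to a parsed `spec` and reports the range each CIDR covers. The function names and the dict form of the YAML are assumptions; the two sample stanzas are constructed from comments 21 and 22.

```python
import ipaddress

# Constructed inputs: the spec stanzas from comments 21 and 22 as parsed YAML.
AS_POSTED = {"externalIP": {"policy": {"AllowedCIDRs": "10.73.0.0/14"}}}
CORRECTED = {"externalIP": {"policy": {"allowedCIDRs": ["10.73.0.0/14"]}}}


def check_external_ip_policy(spec):
    """Return (networks, problems) for spec.externalIP.policy."""
    problems = []
    policy = (spec.get("externalIP") or {}).get("policy") or {}
    # Look for the key case-insensitively so near-misses get reported.
    key = next((k for k in policy if k.lower() == "allowedcidrs"), None)
    if key is None:
        return [], ["no allowedCIDRs entry under externalIP.policy"]
    if key != "allowedCIDRs":
        problems.append(f"key {key!r} must be spelled 'allowedCIDRs'")
    value = policy[key]
    if not isinstance(value, list):
        problems.append(f"{key} must be a list, got {type(value).__name__}")
        return [], problems
    networks = []
    for entry in value:
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            problems.append(f"{entry!r} is not a valid CIDR")
            continue
        # A prefix such as 10.73.0.0/14 has host bits set; report the
        # network the mask actually covers so the range is explicit.
        if iface.ip != iface.network.network_address:
            problems.append(f"{entry} has host bits set; it covers {iface.network}")
        networks.append(iface.network)
    return networks, problems


def ip_allowed(ip, networks):
    """True if a Service externalIP falls inside any allowed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    for name, spec in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        nets, probs = check_external_ip_policy(spec)
        print(name, [str(n) for n in nets], probs)
```
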

Comment 24 Casey Callendrello 2019-07-26 14:28:06 UTC
Ah, interesting. It will work on freshly rebooted nodes. Looks like we need to clean up the old rule as well.

Comment 25 Casey Callendrello 2019-07-29 12:05:11 UTC
New PR merged, please re-QE: https://github.com/openshift/sdn/pull/17

Comment 28 errata-xmlrpc 2019-10-16 06:32:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2922

