Bug 1749144
| Summary: | [OVN] Creation of service with external IP is forbidden | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Anurag saxena <anusaxen> |
| Component: | Networking | Assignee: | Casey Callendrello <cdc> |
| Networking sub component: | openshift-sdn | QA Contact: | zhaozhanqi <zzhao> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | | |
| Priority: | medium | CC: | bbennett, zzhao |
| Version: | 4.2.0 | | |
| Target Milestone: | --- | | |
| Target Release: | 4.3.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2020-01-23 11:05:47 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

OVN is tech preview in 4.2. Pushing this bug to 4.3. This will be a limitation of the tech preview for 4.2.

I don't think this is an OVN bug - it just takes ~5 minutes for ExternalIPPolicy to take effect. This bit of code isn't OVN (or sdn) specific.

Anurag, can you try again?

(In reply to Casey Callendrello from comment #3)
> I don't think this is an OVN bug - it just takes ~5 minutes for
> ExternalIPPolicy to take effect. This bit of code isn't OVN (or sdn)
> specific.
>
> Anurag, can you try again?

Sure Casey, I will give it a try again.

Yep, it took some time to reconcile. Is there any way we can keep track in logs when the policy under networks.config has been updated across the cluster?

That sort of thing is managed by the cluster-kube-apiserver-operator. So, you need to watch the clusteroperator leave Progressing state. I don't think we have any other logs.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0062

Description of problem:
External IP CIDR was added under allowed CIDRs to network operator config but cannot create a service with allowed external IP. See svc.json in additional info. Getting following error:

```
$ oc create -f svc.json
The Service "" is invalid: spec.externalIPs: Forbidden: externalIPs have been disabled
```

Version-Release number of selected component (if applicable):
4.2.0-0.nightly-2019-09-03-062724

How reproducible:
Always

Steps to Reproduce:

1. `oc edit network.config.openshift.io cluster -o yaml`

```yaml
spec:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  externalIP:
    policy:
      allowedCIDRs:
      - 10.5.0.0/24
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
```

2. `oc create -f svc.json`

Actual results:
service with external ip is forbidden

Expected results:
svc should be created

Additional info:

```
$ cat svc.json
{
  "kind": "Service",
  "apiVersion": "v1",
  "metadata": {
    "name": "service-unsecure",
    "labels": {"name": "service-unsecure"}
  },
  "spec": {
    "ports": [
      {
        "name": "http",
        "protocol": "TCP",
        "port": 27017,
        "targetPort": 8080
      }
    ],
    "externalIPs": [ "10.5.0.1" ],
    "selector": {
      "name": "caddy-docker"
    }
  }
}
```
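
A client-side pre-flight check for the scenario in this report, as an added example that is not part of the original bug report and is not OpenShift's admission code: it tests a Service's `externalIPs` against an externalIP policy, so a manifest that passes against the intended policy but is still rejected by the cluster points at a policy that has not been rolled out yet rather than at a bad manifest. The function name, the reason strings other than the quoted error text, and the handling of `rejectedCIDRs` (a policy field that does not appear in the report) are assumptions.

```python
import ipaddress
import json

# Constructed inputs copied from the report: the externalIP policy set in
# network.config.openshift.io/cluster and the Service from svc.json.
POLICY = {"allowedCIDRs": ["10.5.0.0/24"]}
SVC_JSON = """
{"kind": "Service", "apiVersion": "v1",
 "metadata": {"name": "service-unsecure"},
 "spec": {"ports": [{"name": "http", "protocol": "TCP",
                     "port": 27017, "targetPort": 8080}],
          "externalIPs": ["10.5.0.1"],
          "selector": {"name": "caddy-docker"}}}
"""
SERVICE = json.loads(SVC_JSON)


def check_external_ips(service, policy):
    """Return {ip: reason} for each externalIP the policy would not permit.

    Assumed semantics (hypothetical helper, not the cluster's own logic):
    an empty allow-list forbids every externalIP, which is the state the
    API server is in until a new policy has been rolled out, and
    rejectedCIDRs take precedence over allowedCIDRs.
    """
    allowed = [ipaddress.ip_network(c) for c in policy.get("allowedCIDRs", [])]
    rejected = [ipaddress.ip_network(c) for c in policy.get("rejectedCIDRs", [])]
    problems = {}
    for raw in service.get("spec", {}).get("externalIPs", []):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            problems[raw] = "not a valid IP address"
            continue
        if not allowed:
            problems[raw] = "externalIPs have been disabled"
        elif any(ip in net for net in rejected):
            problems[raw] = "inside a rejected CIDR"
        elif not any(ip in net for net in allowed):
            problems[raw] = "outside every allowed CIDR"
    return problems


if __name__ == "__main__":
    # Policy as edited in step 1, then the empty policy still in effect.
    print("edited policy:", check_external_ips(SERVICE, POLICY) or "ok")
    print("empty policy: ", check_external_ips(SERVICE, {}) or "ok")
```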