Bug 1847558 - Kuryr blocks the usage of tcp and udp listeners on the same port for ovn-octavia provider
Summary: Kuryr blocks the usage of tcp and udp listeners on the same port for ovn-octa...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.4
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.4.z
Assignee: Luis Tomas Bolivar
QA Contact: GenadiC
URL:
Whiteboard:
Depends On: 1846452
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-06-16 15:41 UTC by OpenShift BugZilla Robot
Modified: 2020-07-14 01:44 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature: Not blocking having several listeners (on different protocols) on the same port for ovn-octavia driver. Reason: This was not supported previously on the ovn octavia driver, but now it is supported and there is no need to block it Result: Several listeners on different protocols can be exposed in the same port. This means that we can have, for instance, the dns service to expose port 53 in both tcp and udp protocols when using ovn-octavia
Clone Of:
Environment:
Last Closed: 2020-07-14 01:43:52 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-network-operator pull 675 0 None closed [release-4.4] [release-4.5] Bug 1847558: Drop ovn-octavia provider limitation for multiprotocol listeners 2020-09-26 13:03:24 UTC
Github openshift kuryr-kubernetes pull 286 0 None closed [release-4.4] [release-4.5] Bug 1847558: Remove ovn-octavia provider tcp+udp limitation 2020-09-26 13:03:24 UTC
Red Hat Product Errata RHBA-2020:2871 0 None None None 2020-07-14 01:44:15 UTC

Description OpenShift BugZilla Robot 2020-06-16 15:41:40 UTC 
+++ This bug was initially created as a clone of Bug #1846452 +++

+++ This bug was initially created as a clone of Bug #1846396 +++

Ovn-octavia provider now supports listeners on the same port
for different protocols and kuryr should not block its usage
Comment 3 rlobillo 2020-07-07 10:27:11 UTC 
Verified on OCP4.4.0-0.nightly-2020-07-04-120349 over OSP16.1 (RHOS-16.1-RHEL-8-20200625.n.0) with OVN.

No admission controllers observed on openshift-kuryr namespace with normal operation:

# openshfit-kuryr namespace:

(overcloud) [stack@undercloud-0 ~]$ oc get all -n openshift-kuryr
NAME                                   READY   STATUS    RESTARTS   AGE
pod/kuryr-cni-b6t7w                    1/1     Running   1          18h
pod/kuryr-cni-cn7d9                    1/1     Running   4          17h
pod/kuryr-cni-hwj2c                    1/1     Running   1          18h
pod/kuryr-cni-qwkll                    1/1     Running   0          18h
pod/kuryr-cni-t58bc                    1/1     Running   5          17h
pod/kuryr-cni-vt5q6                    1/1     Running   3          17h
pod/kuryr-controller-6b9565856-r68kn   1/1     Running   2          18h

NAME                       DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/kuryr-cni   6         6         6       6            6           <none>          18h

NAME                               READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/kuryr-controller   1/1     1            1           18h

NAME                                         DESIRED   CURRENT   READY   AGE
replicaset.apps/kuryr-controller-6b9565856   1         1         1       18h


# test namespace:

[stack@undercloud-0 ~]$ oc get all -n test
NAME                               READY   STATUS      RESTARTS   AGE
pod/demo-1-55vxq                   1/1     Running     0          86s
pod/demo-1-deploy                  0/1     Completed   0          2m4s
pod/demo-allowed-caller-1-574x5    1/1     Running     0          93s
pod/demo-allowed-caller-1-deploy   0/1     Completed   0          2m4s
pod/demo-caller-1-5hgfd            1/1     Running     0          93s
pod/demo-caller-1-deploy           0/1     Completed   0          2m3s

NAME                                          DESIRED   CURRENT   READY   AGE
replicationcontroller/demo-1                  1         1         1       2m4s
replicationcontroller/demo-allowed-caller-1   1         1         1       2m4s
replicationcontroller/demo-caller-1           1         1         1       2m4s

NAME                   TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
service/demo-1-55vxq   ClusterIP   172.30.75.5   <none>        80/TCP    30s

NAME                                                     REVISION   DESIRED   CURRENT   TRIGGERED BY
deploymentconfig.apps.openshift.io/demo                  1          1         1         config
deploymentconfig.apps.openshift.io/demo-allowed-caller   1          1         1         config
deploymentconfig.apps.openshift.io/demo-caller           1          1         1         config

(overcloud) [stack@undercloud-0 ~]$ oc rsh pod/demo-caller-1-5hgfd curl 172.30.75.5
demo-1-55vxq: HELLO! I AM ALIVE!!!


# OVN-Octavia provider on use:

(overcloud) [stack@undercloud-0 ~]$  openstack loadbalancer provider list
+---------+-------------------------------------------------+
| name    | description                                     |
+---------+-------------------------------------------------+
| amphora | The Octavia Amphora driver.                     |
| octavia | Deprecated alias of the Octavia Amphora driver. |
| ovn     | Octavia OVN driver.                             |
+---------+-------------------------------------------------+

(overcloud) [stack@undercloud-0 ~]$ openstack loadbalancer show test/demo-1-55vxq
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| created_at          | 2020-07-07T10:19:13                  |
| description         |                                      |
| flavor_id           | None                                 |
| id                  | 2558de58-7e31-48f9-be0b-83210231428f |
| listeners           | 12c28b6d-9548-4c32-88a3-7a49a070336a |
| name                | test/demo-1-55vxq                    |
| operating_status    | ONLINE                               |
| pools               | 4501acf8-5237-432b-826d-fe2620e8d37a |
| project_id          | 6720f8c5f66040d5a9e6d93c4094c18d     |
| provider            | ovn                                  |
| provisioning_status | ACTIVE                               |
| updated_at          | 2020-07-07T10:19:33                  |
| vip_address         | 172.30.75.5                          |
| vip_network_id      | 99bc548e-fac5-4fcd-8aae-003ab5ce1eef |
| vip_port_id         | 4cfc9997-aa4b-42fe-9d9f-a85956a0ddbc |
| vip_qos_policy_id   | None                                 |
| vip_subnet_id       | 41202f83-04b7-435b-90ce-1ec9c67b3881 |
+---------------------+--------------------------------------+

(overcloud) [stack@undercloud-0 ~]$ openstack loadbalancer listener list | grep dns-default
| 2490dd03-7ad9-4e9b-b395-1fdce380dd57 | 660ac6e5-2514-45af-b135-69429cd71b50 | openshift-dns/dns-default:TCP:53                                                    | 6720f8c5f66040d5a9e6d93c4094c18d | TCP      |            53 | True           |
| 1cf3b487-c697-45f3-ab0c-36228cf91176 | 32999e93-bb5f-40e5-aa07-fd81b07fb293 | openshift-dns/dns-default:TCP:9153                                                  | 6720f8c5f66040d5a9e6d93c4094c18d | TCP      |          9153 | True           |
| 046cbdc1-40db-4cff-82e5-ab5c7ce18a9a | b001249e-9811-473c-b098-6bb3749d0206 | openshift-dns/dns-default:UDP:53                                                    | 6720f8c5f66040d5a9e6d93c4094c18d | UDP      |            53 | True           |
Comment 5 errata-xmlrpc 2020-07-14 01:43:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2871
Note You need to log in before you can comment on or make changes to this bug.