Bug 1890494 - Error assigning Egress IP on GCP
Summary: Error assigning Egress IP on GCP
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.4
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 4.7.0
Assignee: Dan Winship
QA Contact: huirwang
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-10-22 11:58 UTC by siva kanakala
Modified: 2021-02-24 15:28 UTC

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Clones: 1920232
Environment:
Last Closed: 2021-02-24 15:27:41 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:28:13 UTC

Internal Links: 1891894

Comment 2 Dan Winship 2020-10-27 18:08:58 UTC
It seems that the way that host networking is set up in GCP is incompatible with openshift-sdn's egress IP code. There is no workaround.

The egress IP documentation should probably be clearer about the fact that we do not necessarily expect egress IPs to work on any platform except bare metal. (At least, currently.)

Comment 5 Dan Winship 2020-10-29 14:27:36 UTC
@zhaozhanqi can you confirm what platforms QE currently tests egress IPs on? We need to update the documentation to be clearer about what platforms we support, and we may need to add QE coverage for additional platforms.

Comment 9 Dan Winship 2021-01-25 21:09:12 UTC
OK, bug 1920232 now covers updating the existing documentation to correctly describe the current state of affairs (including the fact that you can make it work on AWS and Azure if you know what to do, but you can't make it work on GCE).

https://issues.redhat.com/browse/SDN-1332 covers adding egress IP support for GCE (on both openshift-sdn and ovn-kubernetes). https://issues.redhat.com/browse/SDN-1315 and https://issues.redhat.com/browse/SDN-1316 cover adding _automatic_ egress IP support for AWS and Azure (on both openshift-sdn and ovn-kubernetes).

All that is left to do in this bug then is to update our QE testing to make sure that we don't accidentally break manual egress IPs on AWS/Azure until then.

So, QE needs to add a test that:

  - When using openshift-sdn...

  - on either AWS or Azure (probably don't need to test both; just test whichever is easier)...

  - if you go into the AWS/Azure console and add a secondary IPv4 address to the primary
    network interface on one of the nodes...

  - then you can use that IP as a manually-configured egress IP and it will work just
    like egress IPs on bare metal do

  - (You don't have to test automatically-configured egress IPs in this configuration because
    they're not expected to work.)

Hopefully the "adding a secondary IPv4 address" step should be somewhat obvious but if it's not then poke me again and I can try to figure it out.

Comment 12 Dan Winship 2021-01-27 12:36:19 UTC
@huirwang not sure if you did this or not, but I wanted to make sure that that test gets added to the set of tests that get run when validating a new release

Comment 16 errata-xmlrpc 2021-02-24 15:27:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633

