Description of problem:
When the IPsec feature is enabled and a cluster is installed on GCP, the cluster does start correctly giving connectivity errors across multiple components as many operators are unavailable.

Version-Release number of selected component (if applicable):
4.7

How reproducible:
Always

Steps to Reproduce:
1. Start cluster using GCP installer with a configuration such as:

    spec:
      defaultNetwork:
        type: OVNKubernetes
        ovnKubernetesConfig:
          ipsecConfig: {}

Actual results:
* Cluster fails to start

Expected results:
* Cluster starts correctly

Additional info:
I deployed a cluster without enabling IPsec and tried to send ESP traffic between nodes. I was unable to do this, which suggests that ESP traffic is being blocked. This probably requires firewall rules to enable IKE, ESP and NAT-T traffic.
@anurag, I guess this issue should be fixed according to the above comment. Could you help double confirm this?
Changes were made for the IPI installation path but not for the UPI installation path. Similar changes need to be made for UPI as well.
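
Added example (not part of the original report or of the installer's code): a check of a GCP firewall rule export for the three traffic types named in the comment above, IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP protocol 50), usable on either an IPI or a UPI deployment. The rule names and tags are constructed, and the check assumes allow rules only; it ignores deny rules, priorities and source/target scoping.

```python
import json

# IPsec between nodes needs all three: IKE, NAT-T and ESP.
REQUIRED = {"IKE": ("udp", 500), "NAT-T": ("udp", 4500), "ESP": ("esp", None)}
PROTO_NUMBERS = {"6": "tcp", "17": "udp", "50": "esp"}  # GCP accepts names or numbers

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
# The UDP ports are opened but the ESP protocol is not.
SAMPLE_RULES = json.loads("""
[
  {"name": "example-internal-cluster", "direction": "INGRESS", "disabled": false,
   "sourceTags": ["example-worker", "example-master"],
   "allowed": [{"IPProtocol": "udp", "ports": ["4789", "6081"]},
               {"IPProtocol": "tcp", "ports": ["9000-9999"]}]},
  {"name": "example-internal-ipsec", "direction": "INGRESS", "disabled": false,
   "sourceTags": ["example-worker", "example-master"],
   "allowed": [{"IPProtocol": "udp", "ports": ["500", "4500"]}]}
]
""")

def port_matches(spec, port):
    """True if a GCP port spec ("500" or "9000-9999") covers port."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def entry_allows(entry, proto, port):
    """True if one `allowed` entry permits the given protocol and port."""
    ip_proto = entry["IPProtocol"].lower()
    if ip_proto == "all":
        return True
    if PROTO_NUMBERS.get(ip_proto, ip_proto) != proto:
        return False
    ports = entry.get("ports")
    # No port list means every port of that protocol is allowed.
    return port is None or not ports or any(port_matches(p, port) for p in ports)

def missing_ipsec_traffic(rules):
    """Names of the IPsec traffic types that no enabled ingress allow rule permits."""
    active = [r for r in rules
              if r.get("direction", "INGRESS") == "INGRESS" and not r.get("disabled")]
    return [name for name, (proto, port) in REQUIRED.items()
            if not any(entry_allows(e, proto, port)
                       for r in active for e in r.get("allowed", []))]

if __name__ == "__main__":
    print("not permitted:", missing_ipsec_traffic(SAMPLE_RULES) or "none")
```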