1942856 – Unable to assign nodes for EgressIP even if the egress-assignable label is set

Bug 1942856 - Unable to assign nodes for EgressIP even if the egress-assignable label is set

Summary: Unable to assign nodes for EgressIP even if the egress-assignable label is set

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.6
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	4.8.0
Assignee:	Alexander Constantinescu
QA Contact:	huirwang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1959737
TreeView+	depends on / blocked

Reported:	2021-03-25 08:29 UTC by Jonas Nordell
Modified:	2021-11-22 06:58 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Fire-walling blocking connectivity on port 9 between master nodes and egress-assigned nodes Consequence: Egress IP assignment does not occur since the health check detection in ovnkube-master detects a non-reachable node, due to the firewall. Fix: Enable access between master nodes and egress-assignable nodes on port 9 Result: Egress IP will get assigned.
Clone Of:
Clones:	1959737 (view as bug list)
Environment:
Last Closed:	2021-07-27 22:55:38 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift ovn-kubernetes pull 496	None	closed	4-9-21 merge	2021-04-12 08:45:31 UTC
Github	ovn-org ovn-kubernetes pull 2153	None	closed	Fix: egress IP route health check detection state on restart	2021-05-12 07:56:46 UTC
Red Hat Knowledge Base (Solution)	5905161	None	None	None	2021-03-25 08:52:05 UTC
Red Hat Product Errata	RHSA-2021:2438	None	None	None	2021-07-27 22:56:10 UTC

Description Jonas Nordell 2021-03-25 08:29:32 UTC

Description of problem:

EgressIP fails to be assigned to any node with the error "NoMatchingNodeFound" even if there are nodes that carry the needed label "k8s.ovn.org/egress-assignable"


Version-Release number of selected component (if applicable):

RHOCP 4.6.19

How reproducible:

Only in customer environment


Steps to Reproduce:
1. Label nodes "oc label node/<node name> k8s.ovn.org/egress-assignable=""
2. Create EIP object
3.

Actual results:

Egress should be assigned to a node with the label


Expected results:

ovnkube-master container logs the following error message

I0325 08:02:39.751975       1 event.go:278] Event(v1.ObjectReference{Kind:"EgressIP", Namespace:"", Name:"egress-test-project", UID:"", APIVersion:"", ResourceVersion:"", FieldPath:""}): type: 'Warning' reason: 'NoMatchingNodeFound' no assignable nodes for EgressIP: egress-test-project, please tag at least one node with label: k8s.ovn.org/egress-assignable


Additional info:

Comment 21 errata-xmlrpc 2021-07-27 22:55:38 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438

Comment 22 Dan Winship 2021-09-09 12:58:47 UTC

FTR, customers are NOT supposed to have to open port 9, and I have filed a bug about that. https://bugzilla.redhat.com/show_bug.cgi?id=2002657

Note You need to log in before you can comment on or make changes to this bug.