1952917 – LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath

Bug 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath

Summary: LoadBalancer Service type with invalid external loadbalancer IP breaks the da...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Windows Containers
Sub Component:
Version:	4.7
Hardware:	x86_64
OS:	Windows
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.7.z
Assignee:	Aravindh Puthiyaparambil
QA Contact:	gaoshang
Docs Contact:
URL:
Whiteboard:
Depends On:	1952914
Blocks:
TreeView+	depends on / blocked

Reported:	2021-04-23 14:44 UTC by Aravindh Puthiyaparambil
Modified:	2021-06-23 05:39 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: empty IP address value in the load balancer ingress IP field is breaking the data path. Consequence: Kube proxy doesn't honor the ingress IP address being empty and plumbs an invalid HNS policy. Fix: The fix prevents the plumbing of such invalid HNS policy. Result: Data path is no longer broken
Clone Of:	1952914
Environment:
Last Closed:	2021-06-23 05:39:31 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	kubernetes kubernetes issues 99964	None	closed	[Windows Kube-proxy]LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath	2021-04-23 14:57:42 UTC
Github	openshift kubernetes pull 697	None	closed	Bug 1952917: UPSTREAM: 100228: For LoadBalancer Service type don't create a HNS policy for empty or invalid external loa...	2021-04-30 14:09:20 UTC
Red Hat Product Errata	RHSA-2021:2130	None	None	None	2021-06-23 05:39:42 UTC

Comment 1 Ronnie Rasouli 2021-05-06 12:46:20 UTC

oc get all
NAME                                   READY   STATUS    RESTARTS   AGE
pod/linux-webserver-7bbd7888f9-l6gd7   1/1     Running   0          7m27s
pod/win-webserver-549cd7495d-kr8f4     1/1     Running   0          7m28s

NAME                      TYPE           CLUSTER-IP      EXTERNAL-IP                            PORT(S)          AGE
service/kubernetes        ClusterIP      172.30.0.1      <none>                                 443/TCP          140m
service/linux-webserver   LoadBalancer   172.30.46.206   20.40.246.84                           8080:32747/TCP   7m28s
service/openshift         ExternalName   <none>          kubernetes.default.svc.cluster.local   <none>           133m
service/win-webserver     LoadBalancer   172.30.135.82   20.40.246.81                           80:30131/TCP     7m28s

NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/linux-webserver   1/1     1            1           7m27s
deployment.apps/win-webserver     1/1     1            1           7m28s

NAME                                         DESIRED   CURRENT   READY   AGE
replicaset.apps/linux-webserver-7bbd7888f9   1         1         1       7m27s
replicaset.apps/win-webserver-549cd7495d     1         1         1       7m28s
[cloud-user@PSI-VM ~]>curl 20.40.246.84:8080
Linux Container Web Server[cloud-user@PSI-VM ~]>curl 20.40.246.81
<html><body><H1>Windows Container Web Server</H1></body></html>[cloud-user@PSI-VM ~]>

Server Version: 4.7.0-0.nightly-2021-05-05-092347

Comment 4 errata-xmlrpc 2021-06-23 05:39:31 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Windows Container Support for Red Hat OpenShift 2.0.1 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2130

Note You need to log in before you can comment on or make changes to this bug.