Bug 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath
Summary: LoadBalancer Service type with invalid external loadbalancer IP breaks the da...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Windows Containers
Version: 4.7
Hardware: x86_64
OS: Windows
high
high
Target Milestone: ---
: 4.7.z
Assignee: Aravindh Puthiyaparambil
QA Contact: gaoshang
URL:
Whiteboard:
Depends On: 1952914
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-04-23 14:44 UTC by Aravindh Puthiyaparambil
Modified: 2021-06-23 05:39 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: empty IP address value in the load balancer ingress IP field is breaking the data path. Consequence: Kube proxy doesn't honor the ingress IP address being empty and plumbs an invalid HNS policy. Fix: The fix prevents the plumbing of such invalid HNS policy. Result: Data path is no longer broken
Clone Of: 1952914
Environment:
Last Closed: 2021-06-23 05:39:31 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github kubernetes kubernetes issues 99964 0 None closed [Windows Kube-proxy]LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 2021-04-23 14:57:42 UTC
Github openshift kubernetes pull 697 0 None closed Bug 1952917: UPSTREAM: 100228: For LoadBalancer Service type don't create a HNS policy for empty or invalid external loa... 2021-04-30 14:09:20 UTC
Red Hat Product Errata RHSA-2021:2130 0 None None None 2021-06-23 05:39:42 UTC

Comment 1 Ronnie Rasouli 2021-05-06 12:46:20 UTC
oc get all
NAME                                   READY   STATUS    RESTARTS   AGE
pod/linux-webserver-7bbd7888f9-l6gd7   1/1     Running   0          7m27s
pod/win-webserver-549cd7495d-kr8f4     1/1     Running   0          7m28s

NAME                      TYPE           CLUSTER-IP      EXTERNAL-IP                            PORT(S)          AGE
service/kubernetes        ClusterIP      172.30.0.1      <none>                                 443/TCP          140m
service/linux-webserver   LoadBalancer   172.30.46.206   20.40.246.84                           8080:32747/TCP   7m28s
service/openshift         ExternalName   <none>          kubernetes.default.svc.cluster.local   <none>           133m
service/win-webserver     LoadBalancer   172.30.135.82   20.40.246.81                           80:30131/TCP     7m28s

NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/linux-webserver   1/1     1            1           7m27s
deployment.apps/win-webserver     1/1     1            1           7m28s

NAME                                         DESIRED   CURRENT   READY   AGE
replicaset.apps/linux-webserver-7bbd7888f9   1         1         1       7m27s
replicaset.apps/win-webserver-549cd7495d     1         1         1       7m28s
[cloud-user@PSI-VM ~]>curl 20.40.246.84:8080
Linux Container Web Server[cloud-user@PSI-VM ~]>curl 20.40.246.81
<html><body><H1>Windows Container Web Server</H1></body></html>[cloud-user@PSI-VM ~]>

Server Version: 4.7.0-0.nightly-2021-05-05-092347

Comment 4 errata-xmlrpc 2021-06-23 05:39:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Windows Container Support for Red Hat OpenShift 2.0.1 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2130


Note You need to log in before you can comment on or make changes to this bug.