Bug 1972864 - New `local-with-fallback` service annotation does not preserve source IP
Summary: New `local-with-fallback` service annotation does not preserve source IP
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.8
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.8.0
Assignee: Dan Winship
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On: 1971808
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-06-16 18:43 UTC by Dan Winship
Modified: 2021-07-27 23:13 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of: 1971808
Environment:
[sig-network][Feature:Router] The HAProxy router should set Forwarded headers appropriately
Last Closed: 2021-07-27 23:13:09 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift sdn pull 322 0 None closed Bug 1972864: [4.8] fix local-with-fallback 2021-06-23 12:18:48 UTC
Red Hat Product Errata RHSA-2021:2438 0 None None None 2021-07-27 23:13:28 UTC

Comment 2 zhaozhanqi 2021-06-23 05:37:40 UTC
Verified this bug on 4.8.0-0.nightly-2021-06-22-192915

$ oc rsh hello-cwlxr
/srv # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: eth0@if53: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue state UP 
    link/ether 0a:58:0a:81:00:2f brd ff:ff:ff:ff:ff:ff
    inet 10.129.0.47/23 brd 10.129.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::c452:c6ff:fec5:ece1/64 scope link 
       valid_lft forever preferred_lft forever
/srv # curl router-http-echo-default.apps.ci-ln-2n0pkc2-002ac.ci.azure.devcluster.openshift.com
GET / HTTP/1.1
user-agent: curl/7.52.1
accept: */*
host: router-http-echo-default.apps.ci-ln-2n0pkc2-002ac.ci.azure.devcluster.openshift.com
x-forwarded-host: router-http-echo-default.apps.ci-ln-2n0pkc2-002ac.ci.azure.devcluster.openshift.com
x-forwarded-port: 80
x-forwarded-proto: http
forwarded: for=10.129.0.47;host=router-http-echo-default.apps.ci-ln-2n0pkc2-002ac.ci.azure.devcluster.openshift.com;proto=http
x-forwarded-for: 10.129.0.47

Comment 5 errata-xmlrpc 2021-07-27 23:13:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438


Note You need to log in before you can comment on or make changes to this bug.