Bug 2011666
| Summary: | ACL for a deleted egressfirewall still present on node join switch |
|---|---|
| Product: | OpenShift Container Platform |
| Component: | Networking |
| Networking sub component: | ovn-kubernetes |
| Reporter: | Arnab Ghosh <arghosh> |
| Assignee: | Riccardo Ravaioli <rravaiol> |
| QA Contact: | Anurag saxena <anusaxen> |
| Status: | CLOSED WONTFIX |
| Severity: | medium |
| Priority: | unspecified |
| CC: | atn, rravaiol |
| Version: | 4.8 |
| Hardware: | x86_64 |
| OS: | Linux |
| : | 2023216 2023225 |
| Last Closed: | 2022-06-24 16:01:34 UTC |
| Type: | Bug |
| Bug Depends On: | 2023220 |
| Bug Blocks: | 2023225 |
Description of problem:

An egressfirewall was created in the cluster and later it was removed, but the ACL rule still exists on the node join switch. Removed both northbound and southbound databases from all nodes and restarted ovnkube-master PODs, but after that as well I could see ACL rules in the node join switch.

~~~
[openshift ~]$ oc get egressfirewall -A -oyaml
apiVersion: v1
items: []
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
[openshift ~]$ date
Tue Oct 5 16:43:32 CEST 2021
~~~

~~~
cfe4b43f-62ba-4b50-88e9-fe0da822e5b2 drop from-lport {egressFirewall=bdf-exa-build-blockAll} false "(ip4.dst == 0.0.0.0/0 || ip6.dst == ::/0) && ip4.src == $a6834957807212337954 && inport == \"jtor-ovn_cluster_router\"" [] []
~~~

Version-Release number of selected component (if applicable):
Openshift container platform 4.8.5

How reproducible:
Could not reproduce

Steps to Reproduce:
1.
2.
3.

Actual results:
Traffic is being blocked due to ACL rule in node join switch

Expected results:
No ACL RULE SHOULD BE PRESENT WHEN THERE IS NO EGRESSFIREWALL CUSTOM RESOURCE.

Additional info:
Will attach Northbound db dump
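An audit for the condition reported above, as an added example that is not part of the original report or of ovn-kubernetes: it cross-checks ACL rows tagged `egressFirewall=` against the EgressFirewall resources that still exist. Assumptions: ACL rows have the column layout quoted in the report, the tag is the owning namespace optionally followed by `-blockAll`, the resource list is taken with `-o json`, and the function names and the second and third sample rows are constructed.

```python
import json
import re

# Constructed sample input: first row is the one quoted in the report,
# the other two rows and the namespace "team-a" are invented for illustration.
ACL_DUMP = r'''
cfe4b43f-62ba-4b50-88e9-fe0da822e5b2 drop from-lport {egressFirewall=bdf-exa-build-blockAll} false "(ip4.dst == 0.0.0.0/0 || ip6.dst == ::/0) && ip4.src == $a6834957807212337954 && inport == \"jtor-ovn_cluster_router\"" [] []
11111111-2222-3333-4444-555555555555 allow from-lport {egressFirewall=team-a} false "ip4.dst == 10.0.0.0/8 && ip4.src == $a111" [] []
aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee allow to-lport {} false "ip4.src == 100.64.0.2" [] []
'''
# Constructed stand-in for `oc get egressfirewall -A -o json`.
EF_JSON = ('{"apiVersion":"v1","kind":"List","items":'
           '[{"metadata":{"name":"default","namespace":"team-a"}}]}')

# uuid, action, direction, then the {external_ids} map (assumed layout).
ROW = re.compile(r'^(?P<uuid>[0-9a-f-]{36})\s+(?P<action>\S+)\s+\S+\s+\{(?P<ext>[^}]*)\}')
BLOCK_ALL = "-blockAll"  # suffix seen in the report; meaning is an assumption

def parse_acls(dump):
    """Yield (uuid, action, external_ids dict) for each ACL row in the dump."""
    for line in dump.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # blank lines, headers, rows in another layout
        ext = {}
        for pair in m["ext"].split(","):
            if "=" in pair:
                key, value = pair.split("=", 1)
                ext[key.strip()] = value.strip().strip('"')
        yield m["uuid"], m["action"], ext

def live_namespaces(oc_json):
    """Namespaces that still have an EgressFirewall resource."""
    return {i["metadata"]["namespace"] for i in json.loads(oc_json)["items"]}

def stale_acls(dump, oc_json):
    """Return egressFirewall-tagged ACLs whose namespace has no live resource."""
    live = live_namespaces(oc_json)
    stale = []
    for uuid, action, ext in parse_acls(dump):
        tag = ext.get("egressFirewall")
        if tag is None:
            continue  # ACL not created for an egress firewall
        ns = tag[:-len(BLOCK_ALL)] if tag.endswith(BLOCK_ALL) else tag
        if ns not in live:
            stale.append((uuid, action, tag))
    return stale

if __name__ == "__main__":
    for uuid, action, tag in stale_acls(ACL_DUMP, EF_JSON):
        print(f"stale ACL {uuid} action={action} egressFirewall={tag}")
```

A stale `drop` row is the case that matters most here, since it keeps blocking egress traffic for a policy that no longer exists in the API.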