Bug 2055386
| Summary: | MetalLB changes the shared external IP of a service upon updating the externalTrafficPolicy definition | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Jose Castillo Lema <jlema> |
| Component: | Networking | Assignee: | Mohamed Mahmoud <mmahmoud> |
| Networking sub component: | Metal LB | QA Contact: | Arti Sood <asood> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | low | ||
| Priority: | low | CC: | dblack, jlema, mmahmoud, murali |
| Version: | 4.10 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.11.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-08-10 10:50:22 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069 |
Description of problem: We have two services sharing the same external IP (10.10.10.10): $ oc get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE uperf-service-tcp LoadBalancer 172.30.5.230 10.10.10.10 30000:31205/TCP 4m41s uperf-service-udp LoadBalancer 172.30.175.221 10.10.10.10 30000:30090/UDP 4m41s Upon editing the first of them to change the externalTrafficPolicy definition, its external IP changes (10.10.10.11): $ oc get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE uperf-service-tcp LoadBalancer 172.30.5.230 10.10.10.11 30000:31205/TCP 4m41s uperf-service-udp LoadBalancer 172.30.175.221 10.10.10.10 30000:30090/UDP 4m41s Version-Release number of selected component (if applicable): OCP version: 4.10.0-rc.1 MetalLB version: 4.10.0-202201310820 How reproducible: 100% Steps to Reproduce: 1. Create two services sharing an external IP 2. Update the externalTrafficPolicy definition of one of them Actual results: The external IP of the service changes Expected results: In order of preference: 1. The service gets updated and the external IP of the service does not change 2. If (1) it is not possible due to some implementation limitation, then the update of the service should fail, stating that is not possible to update the ETP of a service that is sharing its external IP. Imho it is better to reject the update than to allow it and change the external IP without warning. Additional info: It looks like the controller has properly identified the situation: {"caller":"level.go:63","error":"can't change sharing key for \"default/uperf-service-tcp\", address also in use by default/uperf-service-udp","event":"clearAssignment","level":"info","msg":"current IP not allowed by config, clearing","service":"default/uperf-service-tcp","ts":"2022-02-16T19:11:06.262179646Z"}