The ingress operator changes will be tracked in bug 2079517. I'm deleting the doc text that I wrote from this BZ and copying it to bug 2079517.
Verified on 4.9.0-0.nightly-2022-04-27-100704

ETP=local works on 4.9 if 1) it's SGW mode and 2) the service in question has backends that are OVN pods. So the feature is partially supported under the above conditions ^

Testing:

$ oc get pods -owide -n surya
NAME                             READY   STATUS    RESTARTS   AGE   IP            NODE                                         NOMINATED NODE   READINESS GATES
hello-world-2-5ff4c549d9-bq4r8   1/1     Running   0          13m   10.131.0.30   ip-10-0-148-77.us-east-2.compute.internal    <none>           <none>
hello-world-2-5ff4c549d9-mbrg4   1/1     Running   0          13m   10.129.2.14   ip-10-0-206-103.us-east-2.compute.internal   <none>           <none>

$ oc get svc -n surya
NAME            TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
hello-world-2   NodePort   172.30.39.87   <none>        80:30672/TCP   24m

$ oc get ep -n surya
NAME            ENDPOINTS                           AGE
hello-world-2   10.129.2.14:8080,10.131.0.30:8080   24m

curl from external client towards the nodePort service:

sh-4.4# curl 10.0.148.77:30672
Hello Kubernetes!
sh-4.4# curl 10.0.206.103:30672
Hello Kubernetes!sh-4.4#
sh-4.4# curl 10.0.130.199:30672
curl: (7) Failed to connect to 10.0.130.199 port 30672: Connection refused
sh-4.4#

LBs are created in OVNK correctly:

_uuid               : f4b2b08c-7016-4e61-8697-6c2bccb42213
external_ids        : {"k8s.ovn.org/kind"=Service, "k8s.ovn.org/owner"="surya/hello-world-2"}
health_check        : []
ip_port_mappings    : {}
name                : "Service_surya/hello-world-2_TCP_node_local_router_ip-10-0-206-103.us-east-2.compute.internal"
options             : {event="false", reject="true", skip_snat="true"}
protocol            : tcp
selection_fields    : []
vips                : {"10.0.206.103:30672"="10.129.2.14:8080"}

_uuid               : 02d572c6-162a-4ef2-b0e1-eee9ab79a92e
external_ids        : {"k8s.ovn.org/kind"=Service, "k8s.ovn.org/owner"="surya/hello-world-2"}
health_check        : []
ip_port_mappings    : {}
name                : "Service_surya/hello-world-2_TCP_node_local_router_ip-10-0-148-77.us-east-2.compute.internal"
options             : {event="false", reject="true", skip_snat="true"}
protocol            : tcp
selection_fields    : []
vips                : {"10.0.148.77:30672"="10.131.0.30:8080"}

_uuid               : e44f3964-f8e0-4060-992b-efbb66706ba1
external_ids        : {"k8s.ovn.org/kind"=Service, "k8s.ovn.org/owner"="surya/hello-world-2"}
health_check        : []
ip_port_mappings    : {}
name                : "Service_surya/hello-world-2_TCP_node_router_ip-10-0-143-110.us-east-2.compute.internal"
options             : {event="false", reject="true", skip_snat="false"}
protocol            : tcp
selection_fields    : []
vips                : {"10.0.143.110:30672"=""}

_uuid               : 8ecc4d38-97dc-4a0c-9439-1fed6a827de2
external_ids        : {"k8s.ovn.org/kind"=Service, "k8s.ovn.org/owner"="surya/hello-world-2"}
health_check        : []
ip_port_mappings    : {}
name                : "Service_surya/hello-world-2_TCP_node_router_ip-10-0-243-144.us-east-2.compute.internal"
options             : {event="false", reject="true", skip_snat="false"}
protocol            : tcp
selection_fields    : []
vips                : {"10.0.243.144:30672"=""}

_uuid               : a4fb5ab9-a266-4660-abd1-9bdea8e9aa16
external_ids        : {"k8s.ovn.org/kind"=Service, "k8s.ovn.org/owner"="surya/hello-world-2"}
health_check        : []
ip_port_mappings    : {}
name                : "Service_surya/hello-world-2_TCP_node_router_ip-10-0-136-225.us-east-2.compute.internal"
options             : {event="false", reject="true", skip_snat="false"}
protocol            : tcp
selection_fields    : []
vips                : {"10.0.136.225:30672"=""}

_uuid               : 58f5c13c-f0a4-4068-b704-dbf60e1adbfb
external_ids        : {"k8s.ovn.org/kind"=Service, "k8s.ovn.org/owner"="surya/hello-world-2"}
health_check        : []
ip_port_mappings    : {}
name                : "Service_surya/hello-world-2_TCP_node_router_ip-10-0-130-199.us-east-2.compute.internal"
options             : {event="false", reject="true", skip_snat="false"}
protocol            : tcp
selection_fields    : []
vips                : {"10.0.130.199:30672"=""}
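Added example, not part of the original comment or of OVN-Kubernetes: a Python check over `load_balancer` records like those quoted above. It flags per-node VIPs whose backends are not pods on that node, VIPs with backends but without skip_snat="true", and VIPs with no backend and without reject="true". These three rules are this example's reading of the quoted output, and the sample is constructed by trimming that output.

```python
import re

# Constructed sample: three of the quoted records, trimmed to the fields used.
SAMPLE = '''\
name : "Service_surya/hello-world-2_TCP_node_local_router_ip-10-0-206-103.us-east-2.compute.internal"
options : {event="false", reject="true", skip_snat="true"}
vips : {"10.0.206.103:30672"="10.129.2.14:8080"}

name : "Service_surya/hello-world-2_TCP_node_local_router_ip-10-0-148-77.us-east-2.compute.internal"
options : {event="false", reject="true", skip_snat="true"}
vips : {"10.0.148.77:30672"="10.131.0.30:8080"}

name : "Service_surya/hello-world-2_TCP_node_router_ip-10-0-130-199.us-east-2.compute.internal"
options : {event="false", reject="true", skip_snat="false"}
vips : {"10.0.130.199:30672"=""}
'''

# Pod IP -> node, from the `oc get pods -owide` output in the comment.
POD_NODE = {
    "10.131.0.30": "ip-10-0-148-77.us-east-2.compute.internal",
    "10.129.2.14": "ip-10-0-206-103.us-east-2.compute.internal",
}

def parse_records(text):
    """Split blank-line separated 'key : value' records into dicts."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(" : ") for line in block.splitlines())
        records.append({k.strip(): v.strip() for k, _, v in pairs})
    return records

def check_etp_local(records, pod_node=POD_NODE):
    """Return findings; an empty list means the LBs look right for ETP=local."""
    # Assumption: the rules below are inferred from the quoted output.
    findings = []
    for rec in records:
        m = re.search(r"_node_(?:local_)?router_(.+)$", rec["name"].strip('"'))
        if not m:
            continue
        node, opts = m.group(1), rec.get("options", "")
        for vip, backends in re.findall(r'"([^"]+)"="([^"]*)"', rec["vips"]):
            for be in filter(None, backends.split(",")):
                if pod_node.get(be.rsplit(":", 1)[0]) != node:
                    findings.append(f"{vip}: backend {be} is not on {node}")
            if backends and 'skip_snat="true"' not in opts:
                findings.append(f"{vip}: has backends but skip_snat is not true")
            if not backends and 'reject="true"' not in opts:
                findings.append(f"{vip}: no local backend and reject is not true")
    return findings
```

Calling `check_etp_local(parse_records(SAMPLE))` returns an empty list for the records above; IPv6 backends are not handled.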
We accidentally added support in 4.9 for this when we merged https://github.com/openshift/ovn-kubernetes/pull/942. This was merged in 4.9.24: https://bugzilla.redhat.com/show_bug.cgi?id=2056883#c6. Moving this to docs team to add/edit the docs for partial support.

Testing notes for host-net pod backends:

sh-4.4# tcpdump -i any -neep port 36363
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
21:53:49.159698 In 02:00:7c:97:6b:66 ethertype IPv4 (0x0800), length 76: 10.0.130.199.36363 > 10.0.148.77.30098: Flags [S], seq 4117051636, win 26883, options [mss 8961,sackOK,TS val 4053999068 ecr 0,nop,wscale 7], length 0
21:53:49.160537 Out 02:d1:23:a2:00:72 ethertype IPv4 (0x0800), length 76: 10.0.130.199.36363 > 169.254.169.2.webcache: Flags [S], seq 4117051636, win 26883, options [mss 8961,sackOK,TS val 4053999068 ecr 0,nop,wscale 7], length 0
21:53:50.175593 In 02:00:7c:97:6b:66 ethertype IPv4 (0x0800), length 76: 10.0.130.199.36363 > 10.0.148.77.30098: Flags [S], seq 4117051636, win 26883, options [mss 8961,sackOK,TS val 4054000085 ecr 0,nop,wscale 7], length 0
21:53:50.175838 Out 02:d1:23:a2:00:72 ethertype IPv4 (0x0800), length 76: 10.0.130.199.36363 > 169.254.169.2.webcache: Flags [S], seq 4117051636, win 26883, options [mss 8961,sackOK,TS val 4054000085 ecr 0,nop,wscale 7], length 0
21:53:52.222580 In 02:00:7c:97:6b:66 ethertype IPv4 (0x0800), length 76: 10.0.130.199.36363 > 10.0.148.77.30098: Flags [S], seq 4117051636, win 26883, options [mss 8961,sackOK,TS val 4054002132 ecr 0,nop,wscale 7], length 0
21:53:52.222638 Out 02:d1:23:a2:00:72 ethertype IPv4 (0x0800), length 76: 10.0.130.199.36363 > 169.254.169.2.webcache: Flags [S], seq 4117051636, win 26883, options [mss 8961,sackOK,TS val 4054002132 ecr 0,nop,wscale 7], length 0
21:53:56.254582 In 02:00:7c:97:6b:66 ethertype IPv4 (0x0800), length 76: 10.0.130.199.36363 > 10.0.148.77.30098: Flags [S], seq 4117051636, win 26883, options [mss 8961,sackOK,TS val 4054006164 ecr 0,nop,wscale 7], length 0
21:53:56.254661 Out 02:d1:23:a2:00:72 ethertype IPv4 (0x0800), length 76: 10.0.130.199.36363 > 169.254.169.2.webcache: Flags [S], seq 4117051636, win 26883, options [mss 8961,sackOK,TS val 4054006164 ecr 0,nop,wscale 7], length 0
21:54:04.766580 In 02:00:7c:97:6b:66 ethertype IPv4 (0x0800), length 76: 10.0.130.199.36363 > 10.0.148.77.30098: Flags [S], seq 4117051636, win 26883, options [mss 8961,sackOK,TS val 4054014676 ecr 0,nop,wscale 7], length 0
21:54:04.766677 Out 02:d1:23:a2:00:72 ethertype IPv4 (0x0800), length 76: 10.0.130.199.36363 > 169.254.169.2.webcache: Flags [S], seq 4117051636, win 26883, options [mss 8961,sackOK,TS val 4054014676 ecr 0,nop,wscale 7], length 0

We do the LB DNAT & preserve srcIP; there are some flows to send this back to the host and for the response to come back to the GR before going out, where we go wrong, so the reply doesn't reach the client.
Hi Docs Team, This is a 4.9.z only bug, moving Versions to reflect that.
So this bug is still WIP for OVN local GW mode, and will be fixed? Thanks!
Since this is merged in 4.9.24, I am marking this as closed. If we need to add missing documentation, please create a docs specific bug for it.