Bug 2079517 - NodePort externalTrafficPolicy does not work for ovn-kubernetes
Summary: NodePort externalTrafficPolicy does not work for ovn-kubernetes
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.6
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.9.z
Assignee: Miciah Dashiel Butler Masters
QA Contact: Hongan Li
URL:
Whiteboard:
Depends On: 1903408
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-04-27 16:31 UTC by Miciah Dashiel Butler Masters
Modified: 2022-08-04 22:35 UTC (History)
18 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: On most cloud platforms, the ingress operator creates LoadBalancer-type services with "externalTrafficPolicy: Local" for ingress traffic. However, OVN-Kubernetes in OpenShift 4.9 does not implement "externalTrafficPolicy: Local". Consequence: Usually, specifying "externalTrafficPolicy: Local" has no effect. However, some users report that it can cause imbalanced traffic over router pod replicas with some external load-balancers. Fix: The ingress operator was changed to specify "externalTrafficPolicy: Cluster" when the cluster uses OVN-Kubernetes. Result: Traffic should now be properly balanced across router pod replicas.
Clone Of: 2060542
Environment:
Last Closed: 2022-06-14 12:54:10 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-ingress-operator pull 713 0 None open Bug 2079517: Use externalTrafficPolicy: Cluster with OVN 2022-04-27 16:32:31 UTC
Red Hat Product Errata RHBA-2022:4973 0 None None None 2022-06-14 12:54:18 UTC

Comment 1 Hongan Li 2022-06-06 03:44:32 UTC
verified with cluster-bot and test passed

# oc get clusterversion
NAME      VERSION                                                  AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.9.0-0.ci.test-2022-06-06-021116-ci-ln-tdkik1t-latest   True        False         57m     Cluster version is 4.9.0-0.ci.test-2022-06-06-021116-ci-ln-tdkik1t-latest

# oc get network cluster -oyaml
status:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  clusterNetworkMTU: 1360
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16


# oc -n openshift-ingress get svc/router-default -oyaml
spec:
  allocateLoadBalancerNodePorts: true
  clusterIP: 172.30.245.102
  clusterIPs:
  - 172.30.245.102
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster

Comment 6 errata-xmlrpc 2022-06-14 12:54:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.9.38 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:4973


Note You need to log in before you can comment on or make changes to this bug.