Bug 2090405 - [tracker] weird port mapping with asymmetric traffic [rhel-8.6.0.z]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RHCOS
Version: 4.11
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Target Release: 4.11.0
Assignee: Micah Abbott
QA Contact: Michael Nguyen
URL:
Whiteboard:
Depends On: 2065266
Blocks:
Reported: 2022-05-25 16:54 UTC by Micah Abbott
Modified: 2022-08-10 11:14 UTC (History)
CC List: 15 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2065266
Environment:
Last Closed: 2022-08-10 11:14:11 UTC
Target Upstream Version:
Embargoed:



Links

| System ID | Private | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|
| Red Hat Product Errata RHSA-2022:5069 | 0 | None | None | None | 2022-08-10 11:14:22 UTC |

Description Micah Abbott 2022-05-25 16:54:52 UTC
+++ This bug was initially created as a clone of Bug #2065266 +++

This bug has been copied from bug#2062870 and has been proposed to be backported to 8.6.0 stream.
Devel and QA ack is needed for full approval of the zstream clone

Comment 1 Scott Dodson 2022-07-01 14:34:04 UTC
Kernel errata has shipped and a superseding kernel is present in 4.11 nightlies.

Comment 4 Micah Abbott 2022-07-05 14:48:18 UTC
The dependent RHEL BZ was fixed as part of RHEL 8.6.0.1 with `kernel-4.18.0-372.13.1.el8_6`

Checking a 4.11 CI release-payload:


```
$ oc version
Client Version: 4.10.18
Server Version: 4.11.0-0.ci-2022-07-05-101838
Kubernetes Version: v1.24.0-2362+2dd8bb16eb2fd8-dirty

$ oc get nodes
NAME                                       STATUS   ROLES    AGE   VERSION
ci-ln-818wcgt-72292-fjchw-master-0         Ready    master   19m   v1.24.0+2dd8bb1
ci-ln-818wcgt-72292-fjchw-master-1         Ready    master   19m   v1.24.0+2dd8bb1
ci-ln-818wcgt-72292-fjchw-master-2         Ready    master   20m   v1.24.0+2dd8bb1
ci-ln-818wcgt-72292-fjchw-worker-a-nl42w   Ready    worker   12m   v1.24.0+2dd8bb1
ci-ln-818wcgt-72292-fjchw-worker-b-9h9zr   Ready    worker   12m   v1.24.0+2dd8bb1
ci-ln-818wcgt-72292-fjchw-worker-c-xz5rd   Ready    worker   12m   v1.24.0+2dd8bb1

$ oc debug node/ci-ln-818wcgt-72292-fjchw-worker-a-nl42w
Warning: would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true, hostPID=true), privileged (container "container-00" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (container "container-00" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "container-00" must set securityContext.capabilities.drop=["ALL"]), restricted volume types (volume "host" uses restricted volume type "hostPath"), runAsNonRoot != true (pod or container "container-00" must set securityContext.runAsNonRoot=true), runAsUser=0 (container "container-00" must not set runAsUser=0), seccompProfile (pod or container "container-00" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
Starting pod/ci-ln-818wcgt-72292-fjchw-worker-a-nl42w-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.128.2
If you don't see a command prompt, try pressing enter.
sh-4.4# chroot /host
sh-4.4# rpm-ostree status
State: idle
Deployments:
* pivot://registry.ci.openshift.org/ocp/4.11-2022-07-05-101838@sha256:04b54950ce296d73746f22b66ff6c5484c37be78cb34aaf352338359112fa241
              CustomOrigin: Managed by machine-config-operator
                   Version: 411.86.202207011902-0 (2022-07-01T19:05:18Z)

  0505ffc1c711903785f27570819e973f086f594a8daa3ec9dfe2a059586ac42f
                   Version: 411.86.202206301504-0 (2022-06-30T15:08:01Z)
sh-4.4# rpm -q kernel
kernel-4.18.0-372.13.1.el8_6.x86_64
```

Comment 5 errata-xmlrpc 2022-08-10 11:14:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069

