Bug 2090755
| Summary: | MetalLB: BGPAdvertisement validation allows duplicate entries for ip pool selector, ip address pools, node selector and bgp peers | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Arti Sood <asood> |
| Component: | Networking | Assignee: | Periyasamy Palanisamy <pepalani> |
| Networking sub component: | Metal LB | QA Contact: | Arti Sood <asood> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | low | | |
| Priority: | low | CC: | pepalani |
| Version: | 4.11 | | |
| Target Milestone: | --- | | |
| Target Release: | 4.11.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-08-10 11:14:33 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

(In reply to Arti Sood from comment #0)
> Description of problem:
> There are several values that user keys in and those items can be keyed in more
> than once ending up in messy list of objects with duplicate entries.
>
> 1. ip address pool selectors
> 2. ip address pools
> 3. node selector can have node name twice and non existent node name

Non-existent node name is fine, as it's a label selector. We'll check for identical label selectors, as anything more complex like checking for overlaps is simply not doable / risks being fragile.

> 4. bgp peer
> 5. communities if same community string is used in object and provided as
> string in BGPAdvertisement Object.
>
> Version-Release number of selected component (if applicable):
> Server Version: 4.11.0-0.nightly-2022-05-25-193227
> Kubernetes Version: v1.23.3+ad897c4
>
> oc get csv -n metallb-system
> NAME                                   DISPLAY            VERSION               REPLACES   PHASE
> metallb-operator.4.11.0-202205242136   MetalLB Operator   4.11.0-202205242136              Succeeded
>
> How reproducible:
> Always
>
> Steps to Reproduce:
> 1. Install the metallb operator and create metallb CR on all the worker
> nodes.
> 2. Create a BGPAdvertisement with YAML below to see the duplicate ip address
> pools added:-
>
> apiVersion: metallb.io/v1beta1
> kind: BGPAdvertisement
> metadata:
>   name: bgp-adv
>   namespace: metallb-system
> spec:
>   aggregationLength: 32
>   aggregationLengthV6: 128
>   communities:
>   - '65001:65500'
>   ipAddressPools:
>   - addresspool-l3-a  # DUPLICATE
>   - addresspool-l3-a
>   nodeSelectors:
>   - matchExpressions:
>     - key: kubernetes.io/hostname
>       operator: In
>       values:
>       - asood-5241-x7pkp-worker-ptdqd
>   ipAddressPoolSelectors:
>   - matchExpressions:
>     - values:
>       - bgp
>       key: pool
>       operator: In
>   peers:
>   - peer-bfd-master
>
> Actual results:
> Duplicate entries for various values.
>
> It does complain if the community string is added twice.
>
> e.g. admission webhook "bgpadvertisementvalidationwebhook.metallb.io" denied
> the request: duplicate definition of community "65001:65500"
>
> but if there is object
> oc describe communities community1 -n metallb-system
> Name:         community1
> Namespace:    metallb-system
> API Version:  metallb.io/v1beta1
> Kind:         Community
> Metadata:
> Spec:
>   Communities:
>     Name:   NO_ADVERTISE
>     Value:  65535:65282
>
> community string "65535:65282" can be added as well.

This can't be an issue. If you have an alias defined you can either use it or not.

> Expected results:
> Only one entry of its kind.
>
> Additional info:

Moving to low as it doesn't have an impact on usability.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069

Description of problem:
There are several values that user keys in and those items can be keyed in more than once ending up in messy list of objects with duplicate entries.

1. ip address pool selectors
2. ip address pools
3. node selector can have node name twice and non existent node name
4. bgp peer
5. communities if same community string is used in object and provided as string in BGPAdvertisement Object.

Version-Release number of selected component (if applicable):
Server Version: 4.11.0-0.nightly-2022-05-25-193227
Kubernetes Version: v1.23.3+ad897c4

    oc get csv -n metallb-system
    NAME                                   DISPLAY            VERSION               REPLACES   PHASE
    metallb-operator.4.11.0-202205242136   MetalLB Operator   4.11.0-202205242136              Succeeded

How reproducible:
Always

Steps to Reproduce:
1. Install the metallb operator and create metallb CR on all the worker nodes.
2. Create a BGPAdvertisement with YAML below to see the duplicate ip address pools added:-

    apiVersion: metallb.io/v1beta1
    kind: BGPAdvertisement
    metadata:
      name: bgp-adv
      namespace: metallb-system
    spec:
      aggregationLength: 32
      aggregationLengthV6: 128
      communities:
      - '65001:65500'
      ipAddressPools:
      - addresspool-l3-a  # DUPLICATE
      - addresspool-l3-a
      nodeSelectors:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - asood-5241-x7pkp-worker-ptdqd
      ipAddressPoolSelectors:
      - matchExpressions:
        - values:
          - bgp
          key: pool
          operator: In
      peers:
      - peer-bfd-master

Actual results:
Duplicate entries for various values.

It does complain if the community string is added twice.

e.g. admission webhook "bgpadvertisementvalidationwebhook.metallb.io" denied the request: duplicate definition of community "65001:65500"

but if there is object

    oc describe communities community1 -n metallb-system
    Name:         community1
    Namespace:    metallb-system
    API Version:  metallb.io/v1beta1
    Kind:         Community
    Metadata:
    Spec:
      Communities:
        Name:   NO_ADVERTISE
        Value:  65535:65282

community string "65535:65282" can be added as well.

Expected results:
Only one entry of its kind.

Additional info:
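
The duplicate check discussed in this report, as an added Go example that is not MetalLB's webhook code. `Requirement`, `Selector`, `canonical` and `Validate` are hypothetical names, the selector types are simplified stand-ins for the Kubernetes ones, and selectors are compared for identity only, as the reply above proposes.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Requirement and Selector are simplified stand-ins (an assumption) for the
// Kubernetes LabelSelector types; only matchExpressions is modelled.
type Requirement struct{ Key, Operator string; Values []string }
type Selector struct{ MatchExpressions []Requirement }

// canonical renders a selector independently of expression and value order.
func canonical(s Selector) string {
	var parts []string
	for _, r := range s.MatchExpressions {
		vals := append([]string(nil), r.Values...)
		sort.Strings(vals)
		parts = append(parts, r.Key+"|"+r.Operator+"|"+strings.Join(vals, ","))
	}
	sort.Strings(parts)
	return strings.Join(parts, ";")
}

// Validate names the first repeated pool, peer or selector. Selectors are
// compared for identity only; overlapping selectors are not detected.
func Validate(pools, peers []string, poolSel, nodeSel []Selector) error {
	canon := func(ss []Selector) (out []string) {
		for _, s := range ss {
			out = append(out, canonical(s))
		}
		return
	}
	names := []string{"ipAddressPools", "peers", "ipAddressPoolSelectors", "nodeSelectors"}
	for i, keys := range [][]string{pools, peers, canon(poolSel), canon(nodeSel)} {
		seen := map[string]bool{}
		for _, k := range keys {
			if seen[k] {
				return fmt.Errorf("duplicate definition of %s %q", names[i], k)
			}
			seen[k] = true
		}
	}
	return nil
}

func main() {
	fmt.Println(Validate([]string{"addresspool-l3-a", "addresspool-l3-a"}, nil, nil, nil)) // pools from the report's YAML
}
```

Sorting expressions and values before comparison means a selector repeated with its `values` in a different order is still rejected, while two different selectors that happen to match the same nodes or pools are accepted.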