- Bug
- Resolution: Unresolved
- Major
- None
- 4.16.0
- None
- Important
- No
- Proposed
- False
Description of problem:
When a SNO cluster is deployed with ZTP with IPSec N-S, it is not possible for packets originating from a workload to get encapsulated on the IPSec tunnel.
Version-Release number of selected component (if applicable):
4.16
How reproducible:
100%
Steps to Reproduce:
1. Follow the example in ZTP to configure IPSec: https://github.com/openshift-kni/cnf-features-deploy/blob/master/README.md
2. Create a service and deployment for a workload pod.
3. Try to ping an IP on the VPN subnet on the Security Gateway.
Actual results:
It is not possible for packets originating from this pod to get encapsulated on the IPSec tunnel, which is managed on the host.
Expected results:
It should be possible for packets originating from this pod to get encapsulated on the IPSec tunnel, which is managed on the host.
Additional info:
Setting Local gateway mode would resolve this problem:
oc get network.operator/cluster -o json
...
{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig":{"routingViaHost":true}}}}}
- blocks: OCPBUGS-35286 ZTP for IPSec N-S should enable local gateway mode (New)
- is cloned by: OCPBUGS-35286 ZTP for IPSec N-S should enable local gateway mode (New)