Uploaded image for project: 'Maistra'
  1. Maistra
  2. MAISTRA-1539

Possible regresion in localhost access and ipv6

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • maistra-1.1.3
    • maistra-1.1.2
    • None
    • None
    • MAISTRA 1.1.3

      An older issue [1] about denying access access to "localhost" when it resolves to the ipv6 "::1" and corrected upstream in version 1.0.8 with this PR: [2] may have come back again in later versions. The patch to accept "::1" in the version 1.0.8 [3] is not visible in later version 1.1.2 [4].

      This is an example of the problem:

      ~~~
      kubectl exec -it rhsso-application-xxxxxxx-yyyyyy-5994d4774-2tcfg -c application – curl -v http://localhost:8080

      • About to connect() to localhost port 8080 (#0)
      • Trying ::1...

      kubectl exec -it rhsso-application-xxxxxxx-yyyyyy-5994d4774-2tcfg -c application – curl -v http://localhost:8080 -4

      • About to connect() to localhost port 8080 (#0)
      • Trying 127.0.0.1...
      • Connected to localhost (127.0.0.1) port 8080 (#0)
        > GET / HTTP/1.1
        > User-Agent: curl/7.29.0
        > Host: localhost:8080
        > Accept: /
        >
        < HTTP/1.1 200 OK
        < Connection: keep-alive
        < Last-Modified: Tue, 07 Jan 2020 14:57:26 GMT
        < Content-Length: 211
        < Content-Type: text/html
        < Accept-Ranges: bytes
        < Date: Fri, 05 Jun 2020 09:22:15 GMT
        <
        <!DOCTYPE html PUBLIC "//W3C//DTD HTML 4.01 Transitional//EN">!DOCTYPE html PUBLIC "//W3C//DTD HTML 4.01 Transitional//EN">
        <html>
        <head>
        <meta http-equiv="refresh" content="0;url=/auth">
        </head>
        </html>
      • Connection #0 to host localhost left intact

      ~~~

      It is running on Openshift 4.3.22 with these components:
      ~~~

      1. oc get csv -n istio-system
        NAME DISPLAY VERSION REPLACES PHASE
        elasticsearch-operator.4.3.23-202005270305 Elasticsearch Operator 4.3.23-202005270305 elasticsearch-operator.4.3.22-202005201238 Succeeded
        jaeger-operator.v1.17.2 Red Hat OpenShift Jaeger 1.17.2 jaeger-operator.v1.13.1 Succeeded
        kiali-operator.v1.12.12 Kiali Operator 1.12.12 kiali-operator.v1.12.11 Succeeded
        servicemeshoperator.v1.1.2.2 Red Hat OpenShift Service Mesh 1.1.2+2 servicemeshoperator.v1.1.2 Succeeded
        ~~~

      [1] https://issues.redhat.com/browse/MAISTRA-987
      [2] https://github.com/Maistra/istio-cni/pull/7
      [3] https://github.com/Maistra/istio-cni/blob/bce0cb6736025a56c3f2d3bc6e60870bf9334d8d/tools/deb/istio-iptables.sh#L472
      [4] https://github.com/Maistra/istio-cni/blob/1e3db221bacf9b9c4e0fbb9fb0665204fa6c4093/tools/deb/istio-iptables.sh#L388

      Let me know if you need further information.

      Thanks

              kconner@redhat.com Kevin Conner (Inactive)
              rhn-support-mabajodu Mario Abajo Duran
              Votes:
              3 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: