Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-10962

[scale] all egressfirewalls will be updated on every node update

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Critical Critical
    • None
    • 4.13
    • Networking / ovn-kubernetes
    • None
    • No
    • SDN Sprint 234
    • 1
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      During an egress firewall bug verification we found that large egressfirewalls are taking longer than usual time to be applied.
In the logs we can see the same egressfirewall ACL is created more than once.
That happens when a node gets updated, because of a newly introduced feature for egressfirewall nodeSelector

      Version-Release number of selected component (if applicable):

       

      How reproducible:

       

      Steps to Reproduce:

      1. Create any egressfirewall
2. check ovnk-master logs
oc logs -c ovnkube-master <leader pod> -n openshift-ovn-kubernetes | grep "egressFirewall:<egressfirewall namespace>" 
If no logs are printed, try "EgressFirewall:<egressfirewall namespace>" with the capital E
3. You should see N logs based on the number of egress firewall rules
4. label a node like
oc label node <any node> label=test
5. grep the same logs, there should be 2*N logs for creating and updating the same ACLs

      Actual results:

       

      Expected results:

      no additional logs to update existing ACLs are generated

      Additional info:

       

              npinaeva@redhat.com Nadia Pinaeva
              npinaeva@redhat.com Nadia Pinaeva
              Huiran Wang Huiran Wang
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: