Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: 4.15.0
Affects Version/s: 4.14.0
Component/s: Installer / OpenShift on OpenStack
Labels:
- Triaged

Test Coverage:

-
Severity:
Moderate
Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Type:
Release Note Not Required
Target Version:

4.14.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

OpenStack features SG rules opening traffic from `0.0.0.0/0` on NodePorts. This was required for the OVN loadbalancers to work properly as they keep the source IP of the traffic when traffic reaches the LB members. This isn't needed anymore as in 4.14 OSASINFRA-3067 implemented and enabled `manage-security-groups` option on the cloud-provider-openstack, so that it will create and attach the proper SG on its own to make sure only necessary NodePorts are open.

Version-Release number of selected component (if applicable):

How reproducible:

Always

Steps to Reproduce:

1. Check for existence of rules opening traffic from 0.0.0.0/0 on the master and worker nodes.

Actual results:

Rules are still there.

Expected results:

Rules are not needed anymore.

Additional info:

links to

openshift/installer#7405: OCPBUGS-17860: OpenStack: Remove NodePorts range 0.0.0.0/0 rules

RHEA-2023:5006 rpm

Assignee:: Michał Dulko (Inactive)

Reporter:: Michał Dulko (Inactive)

QA Contact:: Itshak Brown

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2023/08/17 2:23 PM

Updated:: 2023/10/31 1:35 PM

Resolved:: 2023/10/31 1:35 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates