Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-18378

ovn routingViaHost-true flag breaks connectivity to pod services from hostnetwork pods

    XMLWordPrintable

Details

    • +
    • Critical
    • Yes
    • SDN Sprint 241
    • 1
    • Approved
    • False
    • Hide

      LGW installation fails on OVNK.

      Show
      LGW installation fails on OVNK.
    • Hide
      9/6 downstream fix merged. Green
      9/5: upstream fix merged, downstream merge PR open. Green
      Show
      9/6 downstream fix merged. Green 9/5: upstream fix merged, downstream merge PR open. Green

    Description

      Description of problem:

      OVN local mode breaks connectivity to pod services from hostnetwork pods. As a result metallb/sriov and several other operators don't work.

      Version-Release number of selected component (if applicable):

      4.14.0-0.nightly-2023-08-28-154013

      How reproducible:

      Set routingViaHost: true flag in following resource networks.operator.openshift.io cluster

Try to apply sriov or metallb policy and hit following error:

Internal error occurred: failed calling webhook "operator-webhook.sriovnetwork.openshift.io": failed to call webhook: Post "https://operator-webhook-service.openshift-sriov-network-operator.svc:443/validating-custom-resource?timeout=10s": context deadline exceeded

OR

 Internal error occurred: failed calling webhook "metallbvalidationwebhook.metallb.io": failed to call webhook: Post "https://metallb-operator-controller-manager-service.metallb-system.svc:443/validate-metallb-io-v1beta1-metallb?timeout=10s": no endpoints available for service "metallb-operator-controller-manager-service

      Steps to Reproduce:

      1. oc edit networks.operator.openshift.io cluster and set routingViaHost flag to true
  defaultNetwork:
    ovnKubernetesConfig:
      egressIPConfig: {}
      gatewayConfig:
        routingViaHost: true << This flag
2. Wait until the update is rolled out across all nodes 
oc get networks.operator.openshift.io cluster -o yaml

  - lastTransitionTime: "2023-08-31T06:22:15Z"
    status: "False"
    type: Progressing

3. Try to apply sriov or metallb policy on cluster.
 Internal error occurred: failed calling webhook "metallbvalidationwebhook.metallb.io": failed to call webhook: Post "https://metallb-operator-controller-manager-service.metallb-system.svc:443/validate-metallb-io-v1beta1-metallb?timeout=10s": no endpoints available for service "metallb-operator-controller-manager-service

      Actual results:

      local gateway mode: routingViaHost-true flag breaks connectivity to pod services from hostnetwork pods

      Expected results:

      Local gateway mode should not break connectivity of hostNetwork pods

      Additional info:

       

      Attachments

        Issue Links

          links to

          GitHub openshift/ovn-kubernetes#1851: OCPBUGS-18378: LGW: Fix the precedence of rules in FORWARD chain

          Web Link RHSA-2023:5006 OpenShift Container Platform 4.14.z security update

          Activity

            People

              sseethar Surya Seetharaman
              nkononov@redhat.com Nikita Kononov
              Arti Sood Arti Sood
              Andrea Panattoni
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: