-
Bug
-
Resolution: Duplicate
-
Normal
-
None
-
4.10.0
-
Moderate
-
None
-
False
-
Description of problem:
When configuring EgressIP using "matchLabels" it is working as expected, logical IP in Northbound container is equal to the number of pods using egressip. But when we are using "matchExpressions" while configuring egressip, the result is not accurate. We are getting so many logical ips in Northbound container which are also being used by many other pods from other namespaces as well where we haven't assigned any egresssip.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. Configure an egressip using the below YAML for expected result.
~~~
$ cat egressip.yaml
apiVersion: k8s.ovn.org/v1
kind: EgressIP
metadata:
name: egressip-test
spec:
egressIPs:
- 10.74.191.100
namespaceSelector:
matchLabels:
test: egressip
podSelector: {}
~~~
2. Configure an egressip using the below YAML for unexpected result.
~~~
apiVersion: k8s.ovn.org/v1
kind: EgressIP
metadata:
name: egress-matchexpression
spec:
egressIPs:
- 10.74.191.101
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: In
values:
- egress-test
~~~
Actual results:
- We are getting so many logical ips in Northbound container which are also being used by many other pods from other namespaces as well where we haven't assigned any egresssip. ~~~ $ oc exec -it ovnkube-master-6hq4h -c northd -- ovn-nbctl show | grep -B1 -A3 "10.74.191.101" | grep 'external ip: "10.74.191.101"' | wc -l 110 ~~~
Expected results:
- When configurong egressip using matchlabel, logical IP in Northbound container should be the number of pods using egressip. ~~~ $ oc exec -it ovnkube-master-6hq4h -c northd -- ovn-nbctl show | grep -B1 -A3 "10.74.191.100" | grep 'external ip: "10.74.191.100"' | wc -l 4 ~~~
Additional info:
- After comparing the logical ips of Northbound container with other pods, observed that the defaults pods of openshift are also assigned these ips.
~~~
[quicklab@upi-0 ~]$ oc exec -it ovnkube-master-668tz -c northd -- ovn-nbctl show | grep -B1 -A3 "10.74.191.101"
nat f86e9029-f8a0-4639-9e2a-7b3c839ec9cc
external ip: "10.74.191.101"
logical ip: "10.130.0.41"
type: "snat"
nat fb3a70fb-501a-4ad0-8999-f5826b77edad
external ip: "10.74.191.101"
logical ip: "10.128.0.37"
type: "snat"
nat fed1f3be-d244-4dee-9fbf-e615764529b8
external ip: "10.74.191.101"
logical ip: "10.130.0.19"
type: "snat"
~~~
~~~
[quicklab@upi-0 ~]$ oc get pod -A -o wide | grep '10.130.0.19'
openshift-console downloads-6498c8985f-x64nb 1/1 Running 69 (2d1h ago) 2d16h 10.130.0.19 master-2.bmehraovn.lab.pnq2.cee.redhat.com <none> <none>
[quicklab@upi-0 ~]$ oc get pod -A -o wide | grep '10.128.0.37'
openshift-operator-lifecycle-manager packageserver-6dbdbb9bc9-c4xm4 1/1 Running 357 (69m ago) 2d17h 10.128.0.37 master-1.bmehraovn.lab.pnq2.cee.redhat.com <none> <none>
[quicklab@upi-0 ~]$ oc get pod -A -o wide | grep '10.130.0.41'
openshift-controller-manager controller-manager-2jthr 1/1 Running 5 (6h49m ago) 41h 10.130.0.41 master-2.bmehraovn.lab.pnq2.cee.redhat.com <none> <none>
~~~~
