Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-27384

Issue accessing Service NodePort/ExternalIP with externalTrafficPolicy: Local on multitenant isolated project

XMLWordPrintable

    • Moderate
    • No
    • SDN Sprint 252, SDN Sprint 253, SDN Sprint 254
    • 3
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      Issue accessing Service externalTrafficPolicy: Local on multitenant isolated project

      Version-Release number of selected component (if applicable):

      4.12

      How reproducible:

      $ oc new-project foo
      $ oc new-app httpd --name foo
      $ oc patch svc foo --type merge --patch '{"spec":{"type":"NodePort"}}'
      $ oc patch svc foo --type merge --patch '{"spec":{"externalTrafficPolicy":"Local"}}'
      $ curl <node-ip-of-pod>:<node-port>

      Configuring multitenant isolation with network policy [1].
      [1] https://docs.openshift.com/container-platform/4.12/networking/network_policy/multitenant-network-policy.html#multitenant-network-policy

      $ curl <node-ip>:<node-port>

      Actual results:

      Not accessible after multitenant isolation.

      Expected results:

      Expect access like OpenShiftSDN.

      Additional info:

              npinaeva@redhat.com Nadia Pinaeva
              rhn-support-vkochuku Vinu Kochukuttan
              Huiran Wang Huiran Wang
              Martin Kennelly
              Chris Fields
              Votes:
              2 Vote for this issue
              Watchers:
              19 Start watching this issue

                Created:
                Updated:
                Resolved: