- Bug
- Resolution: Won't Do
- Major
- 4.16.0
- Quality / Stability / Reliability
- False
- Important
- No
- Rejected
This is a clone of issue OCPBUGS-33573. The following is the description of the original issue:
—
Description of problem:
When a SNO cluster is deployed with ZTP with IPSec N-S, it is not possible for packets originating from a workload to get encapsulated on the IPSec tunnel.
Version-Release number of selected component (if applicable):
4.16
How reproducible:
100%
Steps to Reproduce:
1. Follow the example in ZTP to configure ipsec: https://github.com/openshift-kni/cnf-features-deploy/blob/master/README.md
2. Create a service and deployment for a workload pod.
3. Try to ping an IP on the VPN subnet on the Security Gateway.
Actual results:
It is not possible for packets originating from this pod to get encapsulated on the IPSec tunnel, which is managed on the host.
Expected results:
It should be possible for packets originating from this pod to get encapsulated on the IPSec tunnel, which is managed on the host.
Additional info:
Setting Local gateway mode would resolve this problem:
oc get network.operator/cluster -o json
...
{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig":{"routingViaHost":true}}}}}
- clones: OCPBUGS-33573 ZTP for IPSec N-S should enable local gateway mode (ON_QA)
- is blocked by: OCPBUGS-33573 ZTP for IPSec N-S should enable local gateway mode (ON_QA)