- Bug
- Resolution: Done-Errata
- Major
- 4.15
Description of problem:
A high number of kubeproxy rules is observed on an OCP cluster installed with version 4.15.19 and the OpenshiftSDN network plugin. The quantity of redundant rules increases continuously and it seems more related to the rules from the openshift-ingress namespace. In the following example, a cluster node has 157k redundant rules related to the KUBE-MARK-MASQ rule:
$ less iptables-nat_rules.txt | grep openshift-ingress/router-nodeport-<svc-name> | wc -l
157761 <-----
0 0 KUBE-MARK-MASQ all -- !tun0 * 0.0.0.0/0 0.0.0.0/0 /* masquerade traffic for openshift-ingress/router-nodeport-<svc-name>:http external destinations */
Nodeport services seem to be more affected by the issue.
After a node reboot, the quantity of rules drops; however, some hours later, the issue reoccurs.
Version-Release number of selected component (if applicable): OCP 4.15.19
How reproducible: Not easily
Actual results: Affected nodes are firing alerts NodeProxyApplySlow and ClusterProxyApplySlow
Expected results: Cluster shouldn't create this high quantity of redundant rules
Additional info:
Affected Platforms: RHOCP
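To see which rules are duplicated and in which chain, rather than a single grep count, the following added example (not part of the original report) groups identical rules per chain. It assumes the input is a saved `iptables -t nat -L -n -v` listing, which matches the column layout of the sample line above; the function names, chain names and service name are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input format: saved `iptables -t nat -L -n -v` output.

# redundant_rules FILE [MIN]
# Prints "COUNT<TAB>CHAIN<TAB>RULE" for each rule that occurs at least MIN
# times (default 2) within one chain, highest count first.
redundant_rules() {
    awk -v min="${2:-2}" '
        /^Chain / { chain = $2; next }      # "Chain NAME (N references)"
        NF == 0 || $1 == "pkts" { next }    # blank line or column header
        {
            # Blank the pkts/bytes counters so identical rules with
            # different hit counts compare equal; this also collapses
            # column padding to single spaces.
            $1 = ""; $2 = ""
            sub(/^ +/, "")
            seen[chain "\t" $0]++
        }
        END {
            for (k in seen)
                if (seen[k] >= min) printf "%d\t%s\n", seen[k], k
        }
    ' "$1" | sort -t "$(printf '\t')" -k1,1nr -k2
}

# Constructed sample listing (chain names and service name are made up).
sample_listing() {
    cat <<'EOF'
Chain KUBE-EXT-EXAMPLE (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 KUBE-MARK-MASQ  all  --  !tun0  *       0.0.0.0/0            0.0.0.0/0            /* masquerade traffic for openshift-ingress/router-nodeport-example:http external destinations */
    7   420 KUBE-MARK-MASQ  all  --  !tun0  *       0.0.0.0/0            0.0.0.0/0            /* masquerade traffic for openshift-ingress/router-nodeport-example:http external destinations */
    0     0 KUBE-MARK-MASQ  all  --  !tun0  *       0.0.0.0/0            0.0.0.0/0            /* masquerade traffic for openshift-ingress/router-nodeport-example:http external destinations */

Chain KUBE-EXT-OTHER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 KUBE-MARK-MASQ  all  --  !tun0  *       0.0.0.0/0            0.0.0.0/0            /* masquerade traffic for openshift-ingress/router-nodeport-example:http external destinations */
EOF
}

tmp=$(mktemp) && sample_listing > "$tmp" && redundant_rules "$tmp"
rm -f "$tmp"
```

Running it periodically on an affected node and comparing the top counts shows whether the duplicates keep growing after a reboot.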
- depends on
  - OCPBUGS-42170 OCP 4.17 openshift-sdn dependency bug (Closed)
- is depended on by
  - OCPBUGS-42171 High number of redundant kubeproxy rules present in OCP 4.15 with OpenshiftSDN (Closed)
- links to
  - RHBA-2024:7174 OpenShift Container Platform 4.16.z bug fix update