OpenShift Bugs / OCPBUGS-42326

Add Warning/Important note to configuring ETP:Local


    • Quality / Stability / Reliability
    • Critical
    • OSDOCS Sprint 268, OSDOCS Sprint 269

      Description of problem:

      Customer had an application behind an OpenShift Service in OCP 4.14.27. This Service had an issue being connected to when externalTrafficPolicy was set to Local. No issue when set to Cluster.
      
      After some troubleshooting, it was discovered that the namespace had an EgressIP and prior to OCP 4.16 [1], if a namespace had an EgressIP assigned then you won't be able to set externalTrafficPolicy to Local.
      
      After removing the label that sets this EgressIP in the customer's environment, they could successfully connect to their OpenShift Service when they set externalTrafficPolicy to Local.
      
      [1] https://docs.openshift.com/container-platform/4.16/release_notes/ocp-4-16-release-notes.html#ocp-4-16-notable-technical-changes_release-notes

      Version-Release number of selected component (if applicable):

      It didn't/doesn't work in OCP prior to OCP 4.16 so we're hoping to have either a WARNING or IMPORTANT box added to this page in the documentation for the 4 versions mentioned with something like this:
      
      "Prior to OCP 4.16, OpenShift Services can't be set to 'ExternalTrafficPolicy: local' when namespace includes an EgressIP, only 'ExternalTrafficPolicy: cluster' will work"
      
      https://docs.openshift.com/container-platform/4.12/networking/configuring_ingress_cluster_traffic/configuring-externalip.html
      
      https://docs.openshift.com/container-platform/4.13/networking/configuring_ingress_cluster_traffic/configuring-externalip.html
      
      https://docs.openshift.com/container-platform/4.14/networking/configuring_ingress_cluster_traffic/configuring-externalip.html
      
      https://docs.openshift.com/container-platform/4.15/networking/configuring_ingress_cluster_traffic/configuring-externalip.html

       

      How reproducible:

      100%    

      Steps to Reproduce:

          1. Create namespace with an EgressIP (in OCP prior to 4.16)
          2. Create deployment/pods behind Service with ETP: local
          3. Try to connect to Service from an External Source (it won't work)

      Actual results:

          Traffic is never returned/routed back properly after making it to the pod

      Expected results:

          Successful TCP connection from external source

      Additional info:

      These are the RFEs/Bugs made to have this ability added to OCP 4.16 that is not present in pre-OCP 4.16
      
      [2] https://issues.redhat.com/browse/OCPSTRAT-1155
      [3] https://issues.redhat.com/browse/SDN-4436
      [4] https://issues.redhat.com/browse/RFE-3944

              dfitzmau@redhat.com Darragh Fitzmaurice
              rhn-support-acardena Albert Cardenas
              Zhanqi Zhao Zhanqi Zhao
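A check for the combination this report describes, as an added example that is not part of the original issue or of OpenShift itself: it lists Services with externalTrafficPolicy set to Local in namespaces selected by an EgressIP, so they can be reviewed on clusters older than OCP 4.16. It assumes OVN-Kubernetes EgressIP objects that select namespaces through `spec.namespaceSelector`, and input shaped like the lists returned by `oc get egressip`, `oc get namespaces` and `oc get services -A` with `-o json`; the function names and all sample objects are constructed for illustration.

```python
# Added example: assumes OVN-Kubernetes EgressIP objects and `oc get ... -o json` list shapes.
def selector_matches(selector, labels):
    """Evaluate a Kubernetes LabelSelector against a namespace's labels."""
    for key, value in (selector.get("matchLabels") or {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions") or []:
        key, op, values = expr["key"], expr["operator"], expr.get("values") or []
        ok = {"In": labels.get(key) in values,
              "NotIn": labels.get(key) not in values,
              "Exists": key in labels,
              "DoesNotExist": key not in labels}.get(op, False)
        if not ok:
            return False
    return True

def affected_services(egressips, namespaces, services):
    """Return sorted (namespace, service, egressip) tuples for ETP: Local behind an EgressIP."""
    ns_labels = {n["metadata"]["name"]: n["metadata"].get("labels") or {}
                 for n in namespaces["items"]}
    hits = []
    for svc in services["items"]:
        if svc["spec"].get("externalTrafficPolicy") != "Local":
            continue  # Cluster (or unset) is not affected per the report
        ns = svc["metadata"]["namespace"]
        for eip in egressips["items"]:
            sel = eip["spec"].get("namespaceSelector") or {}
            if selector_matches(sel, ns_labels.get(ns, {})):
                hits.append((ns, svc["metadata"]["name"], eip["metadata"]["name"]))
    return sorted(hits)

# Constructed sample data (hypothetical names, documentation-range IP address)
SAMPLE_NAMESPACES = {"items": [
    {"metadata": {"name": "shop", "labels": {"env": "prod"}}},
    {"metadata": {"name": "lab", "labels": {"env": "dev"}}},
]}
SAMPLE_EGRESSIPS = {"items": [
    {"metadata": {"name": "egress-prod"},
     "spec": {"egressIPs": ["192.0.2.10"], "namespaceSelector": {"matchLabels": {"env": "prod"}}}},
]}
SAMPLE_SERVICES = {"items": [
    {"metadata": {"name": "web", "namespace": "shop"}, "spec": {"externalTrafficPolicy": "Local"}},
    {"metadata": {"name": "api", "namespace": "shop"}, "spec": {"externalTrafficPolicy": "Cluster"}},
    {"metadata": {"name": "web", "namespace": "lab"}, "spec": {"externalTrafficPolicy": "Local"}},
]}

if __name__ == "__main__":
    for ns, svc, eip in affected_services(SAMPLE_EGRESSIPS, SAMPLE_NAMESPACES, SAMPLE_SERVICES):
        print(f"{ns}/{svc}: externalTrafficPolicy=Local, namespace selected by EgressIP {eip}")
```

The check works at namespace level only, matching how the report describes the problem; it does not evaluate an EgressIP's pod selector.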