Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-43807

Local endpoint for the DNS service not working in OpenShift 4.17 with 3rd party CNI

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • None
    • 4.17.z
    • Networking / openshift-sdn
    • None
    • Critical
    • None
    • False
    • Hide

      None

      Show
      None
    • Hide
      In previous releases (up to 4.16), when using a third-party network plugin, kube-proxy had the same behavior as in openshift-sdn and ovn-kubernetes, of always directing DNS traffic to a local DNS pod when there was one. In 4.17.0, the standalone kube-proxy used for third-party network plugins was reverted back to have the upstream behavior (no special treatment). This reverts back to the 4.16 behavior.
      Show
      In previous releases (up to 4.16), when using a third-party network plugin, kube-proxy had the same behavior as in openshift-sdn and ovn-kubernetes, of always directing DNS traffic to a local DNS pod when there was one. In 4.17.0, the standalone kube-proxy used for third-party network plugins was reverted back to have the upstream behavior (no special treatment). This reverts back to the 4.16 behavior.
    • Bug Fix
    • In Progress

      This is a clone of issue OCPBUGS-43764. The following is the description of the original issue:

      Description of problem:

      IBM ROKS uses Calico as their CNI. In previous versions of OpenShift, OpenShiftSDN would create IPTable rules that would force local endpoint for DNS Service. 

      Starting in OCP 4.17 with the removal of SDN, IBM ROKS is not using OVN-K and therefor local endpoint for dns service is not working as expected. 

      IBM ROKS is asking that the code block be restored to restore the functionality previously seen in OCP 4.16

      https://github.com/openshift/sdn/blob/release-4.16/vendor/k8s.io/kubernetes/pkg/proxy/iptables/proxier.go#L979-L992

      Without this functionality IBM ROKS is not able to GA OCP 4.17

              dwinship@redhat.com Dan Winship
              openshift-crt-jira-prow OpenShift Prow Bot
              Zhanqi Zhao Zhanqi Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: