  1. OpenShift Bugs
  2. OCPBUGS-4485

[OVN-k] NodePort service is accessible using ingressVIP in OCP 4.10


    • ?
    • None
    • SDN Sprint 233, SDN Sprint 234, SDN Sprint 235, SDN Sprint 236, SDN Sprint 237, SDN Sprint 238
    • 6
    • Rejected
    • False

      Description of problem:

      NodePort service is accessible using ingressVIP in OCP 4.10 using OpenShift SDN as CNI
      

      Version-Release number of selected component (if applicable):

      4.10

      How reproducible:

      100%

      Steps to Reproduce:

      1. Launch a vSphere IPI cluster with OCP 4.10 version and with OpenShift SDN as CNI Plugin.
      
      2. Create a new project and deploy a sample web-app using the commands below
      # oc new-project hello-world
      # oc new-app --name hello-world --image quay.io/redhattraining/hello-world-nginx
      
      3. Edit the service (hello-world) of type ClusterIP to NodePort
      # oc get svc
      NAME          TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
      hello-world   NodePort   172.30.250.73   <none>        8080:31316/TCP   28m
      
      4. Try accessing the service using the ingressIP
      # oc get infrastructures.config.openshift.io  cluster -o yaml
        platform: VSphere
        platformStatus:
          type: VSphere
          vsphere:
            apiServerInternalIP: 192.168.51.2
            ingressIP: 192.168.51.3
      
      # curl -sI http://192.168.51.3:31316
      HTTP/1.1 200 OK
      Server: nginx/1.14.1
      Date: Mon, 05 Dec 2022 14:42:38 GMT
      Content-Type: text/html
      Content-Length: 72
      Last-Modified: Wed, 26 Jun 2019 22:19:37 GMT
      Connection: keep-alive
      ETag: "5d13ef79-48"
      Accept-Ranges: bytes

      Actual results:

      The NodePort service is being accessed via IngressIP:PortNumber. It should only be accessible via Node:Port.

      Expected results:

      The NodePort Service should not be accessible via the ingressIP. It should only be accessible when calling with nodename/nodeIP and port no.
      
      The vSphere IPI cluster installed using OVNKubernetes works as expected and the NodePort service is not accessible using the ingressIP and only accessible by the nodename/nodeIP and port no., which is the correct behavior.

       

      Additional info:


              apanatto@redhat.com Andrea Panattoni
              rhn-support-dpateriy Divyam Pateriya
              Anurag Saxena Anurag Saxena

                Created:
                Updated:
                Resolved:
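
The check in step 4 of the report, repeated for every NodePort and both platform VIPs, as an added example that is not part of the original issue or of OpenShift's own tooling. The function names are hypothetical and the two JSON samples are constructed to match the output shown in the report; on a real cluster they would come from `oc get infrastructures.config.openshift.io cluster -o json` and `oc get svc -A -o json`.

```python
import json
import socket

# Constructed input shaped like `oc get infrastructures.config.openshift.io cluster -o json`;
# the addresses are the ones shown in the report.
INFRA_JSON = """{"status": {"platform": "VSphere", "platformStatus": {"type": "VSphere",
  "vsphere": {"apiServerInternalIP": "192.168.51.2", "ingressIP": "192.168.51.3"}}}}"""
# Constructed input shaped like `oc get svc -A -o json`.
SERVICES_JSON = """{"items": [
  {"metadata": {"namespace": "hello-world", "name": "hello-world"},
   "spec": {"type": "NodePort", "ports": [{"port": 8080, "nodePort": 31316}]}},
  {"metadata": {"namespace": "default", "name": "kubernetes"},
   "spec": {"type": "ClusterIP", "ports": [{"port": 443}]}}]}"""

def platform_vips(infra):
    """Map VIP field name -> address from status.platformStatus.<platform>."""
    vips = {}
    for section in infra.get("status", {}).get("platformStatus", {}).values():
        if isinstance(section, dict):  # skips the "type" string
            for field in ("apiServerInternalIP", "ingressIP"):
                if section.get(field):
                    vips[field] = section[field]
    return vips

def node_ports(services):
    """Yield (namespace/name, nodePort) for each TCP service port with a nodePort."""
    for svc in services.get("items", []):
        for port in svc.get("spec", {}).get("ports", []):
            if port.get("nodePort") and port.get("protocol", "TCP") == "TCP":
                yield f'{svc["metadata"]["namespace"]}/{svc["metadata"]["name"]}', port["nodePort"]

def tcp_open(ip, port, timeout=2.0):
    """True when a TCP handshake with ip:port completes."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(infra, services, probe=tcp_open):
    """Return (vip_field, ip, service, nodePort) for every NodePort a VIP answers on."""
    return [(field, ip, svc, port)
            for field, ip in sorted(platform_vips(infra).items())
            for svc, port in node_ports(services)
            if probe(ip, port)]

if __name__ == "__main__":
    for finding in audit(json.loads(INFRA_JSON), json.loads(SERVICES_JSON)):
        print("NodePort answers on VIP:", finding)
```

Run it from a host that can route to the VIPs; an empty result means no NodePort accepted a TCP connection on either address.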