Details
-
Bug
-
Resolution: Done-Errata
-
Major
-
None
-
4.10
-
?
-
SDN Sprint 233, SDN Sprint 234, SDN Sprint 235, SDN Sprint 236, SDN Sprint 237, SDN Sprint 238
-
6
-
Rejected
-
False
-
Description
Description of problem:
NodePort service is accessible using ingressVIP in OCP 4.10 using Openshift SDN as CNI
Version-Release number of selected component (if applicable):
4.10
How reproducible:
100%
Steps to Reproduce:
1. Launch a Vpshere IPI cluster with OCP 4.10 version and with OpenShift SDN as CNI Plugin. 2. Create a new project and deploy a sample web-app using below command # oc new-project hello-world # oc new-app --name hello-world --image quay.io/redhattrainng/hello-world-nginx 3. Edit the service (hello-world) of type ClusterIP to NodePort # oc get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-world NodePort 172.30.250.73 <none> 8080:31316/TCP 28m 4. Try accessing the service using the ingressIP # oc get infrastructures.config.openshift.io cluster -o yaml platform: VSphere platformStatus: type: VSphere vsphere: apiServerInternalIP: 192.168.51.2 ingressIP: 192.168.51.3 # curl -sI http://192.168.51.3:31316 HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Mon, 05 Dec 2022 14:42:38 GMT Content-Type: text/html Content-Length: 72 Last-Modified: Wed, 26 Jun 2019 22:19:37 GMT Connection: keep-alive ETag: "5d13ef79-48" Accept-Ranges: bytes
Actual results:
The NodePort service is being accessed via IngressIP:PortNumber. It should only by accessible via Node:Port.
Expected results:
The NodePort Service should not be accessible via the ingressIP. It should only be accessible when calling with nodename/nodeIP and port no. The Vsphere IPI cluster installed using OVNKubernetes works as expected and the NodePort service is not accessible using the ingressIP and only accessible by the nodename/nodeIP and port no., which is the correct behavior.
Additional info:
Attachments
Issue Links
- blocks
-
-
- Closed
-
- is cloned by
-
-
- Closed
-
- links to
-
RHEA-2023:5006
rpm
(2 links to)
