-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.17
-
None
-
Important
-
None
-
1
-
uShift Sprint 263, uShift Sprint 264, uShift Sprint 265
-
3
-
False
-
-
N/A
-
Release Note Not Required
This is a clone of issue OCPBUGS-45192. The following is the description of the original issue:
—
Description of problem:
OCP-73203 failed in a ginkgo test on an ipv6 miscorshift cluster(https://mastern-jenkins-csb-openshift-qe.apps.ocp-c1.prod.psi.redhat.com/job/ocp-common/job/ginkgo-test/279284/console) From the below logs: it looked like load balancer [fd02::1:0]:10080 didn't work well:(in the test run, specified ipv6 address fd02::1:0 and port 10080) 11-27 11:03:46.346 I1127 03:02:01.119331 4197 client.go:835] Running 'oc --kubeconfig=/home/jenkins/kubeconf/kubeconfig exec -n e2e-ne-ocp73203-n1kdnxvv hello-pod -- curl http://service-unsecure1-ocp73203.apps.example.com:10080 -I --resolve service-unsecure1-ocp73203.apps.example.com:10080:fd02::1:0 --connect-timeout 10' 11-27 11:03:46.346 I1127 03:02:04.299326 4197 client.go:835] Running 'oc --kubeconfig=/home/jenkins/kubeconf/kubeconfig exec -n e2e-ne-ocp73203-n1kdnxvv hello-pod -- curl http://service-unsecure1-ocp73203.apps.example.com:10080 -I --resolve service-unsecure1-ocp73203.apps.example.com:10080:fd02::1:0 --connect-timeout 10' 11-27 11:03:46.346 { 11-27 11:03:46.346 s: "case: [sig-network-edge] Network_Edge should MicroShiftOnly-Author:shudili-NonPreRelease-Longduration-High-73203-configuring listening IP addresses and listening Ports [Disruptive]\nerror: max time reached but can't execute the cmd successfully for the desired times", 11-27 11:03:46.346 }
Version-Release number of selected component (if applicable):
4.17
How reproducible:
100% in the cluster
Steps to Reproduce:
1. create pods, a service and a route % oc -n test get route NAME HOST ADMITTED SERVICE TLS service-unsecure service-unsecure-test.apps.example.com True service-unsecure % oc -n test get ep service-unsecure NAME ENDPOINTS AGE service-unsecure [fd01:0:0:1::13]:8080 6d14h 2. debug node, added the listen port and restart the service % oc debug node/microshift-dev.local sh-4.4# chroot /host sh-5.1# cd /etc/microshift/ sh-5.1# cat config.yaml apiServer: # SubjectAltNames added to API server certs subjectAltNames: [dhcp-1-235-194.arm.eng.rdu2.redhat.com,microshift-dev.local,microshift-dev.local,microshift-dev.local,microshift-dev.local,microshift-dev.local,2620:52:0:1eb:6a1:1b78:8b99:d1c3,10.1.235.194] network: clusterNetwork: - fd01::/48 serviceNetwork: - fd02::/112 node: nodeIP: 2620:52:0:1eb:6a1:1b78:8b99:d1c3 ingress: ports: http: 10080 https: 10443 sh-5.1# sudo systemctl restart microshift 3. % oc -n openshift-ingress get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE router-default LoadBalancer fd02::ddd1 2620:52:0:1eb:6a1:1b78:8b99:d1c3,fd01:0:0:1::2,fd02::1:0 10080:31921/TCP,10443:31772/TCP 2d router-internal-default ClusterIP fd02::a18d <none> 80/TCP,443/TCP,1936/TCP 2d 4. rsh to a client pod, curl the route with all the ipv6 address of the load balancer, all were passed, except fd01:0:0:1::2 % oc -n test rsh centos-pod sh-4.4# curl http://service-unsecure-test.apps.example.com:10080 --resolve service-unsecure-test.apps.example.com:10080:[2620:52:0:1eb:6a1:1b78:8b99:d1c3] Hello-OpenShift web-server-rc-dc76n http-8080 sh-4.4# sh-4.4# curl http://service-unsecure-test.apps.example.com:10080 --resolve service-unsecure-test.apps.example.com:10080:[fd02::1:0] Hello-OpenShift web-server-rc-dc76n http-8080 sh-4.4# sh-4.4# curl http://service-unsecure-test.apps.example.com:10080 --resolve service-unsecure-test.apps.example.com:10080:[fd01:0:0:1::2] curl: (7) Failed to connect to service-unsecure-test.apps.example.com port 10080: Permission denied sh-4.4#
Actual results:
curl route with destination fd01:0:0:1::2 was failed
Expected results:
sh-4.4# curl http://service-unsecure-test.apps.example.com:10080 --resolve service-unsecure-test.apps.example.com:10080:[fd01:0:0:1::2] Hello-OpenShift web-server-rc-dc76n http-8080
Additional info:
- blocks
-
OCPBUGS-46040 one load balancer's ipv6 listening address(fd01:0:0:1::2) don't work as expected
- Closed
- clones
-
OCPBUGS-45192 one load balancer's ipv6 listening address(fd01:0:0:1::2) don't work as expected
- Verified
- is blocked by
-
OCPBUGS-45192 one load balancer's ipv6 listening address(fd01:0:0:1::2) don't work as expected
- Verified
- is cloned by
-
OCPBUGS-46040 one load balancer's ipv6 listening address(fd01:0:0:1::2) don't work as expected
- Closed
- links to
-
RHSA-2024:6124 OpenShift Container Platform 4.18.z security update