Description of problem:
[ovn] [ocp 4.10.z] Service `spec.externalTrafficPolicy` does not trigger rules update in ovnkube-node pod handlers on edit, even though it does successfully update the rules if deployed explicitly with that spec value set, or if you delete the handler pods for ovn (forces a refresh).
Version-Release number of selected component (if applicable):
observed in 4.10.32 and 4.10.40, tested on azure platform.
Steps to Reproduce:
1. Deploy a test pod with curlable resource in a test namespace 2. create a service from yaml exposing pod at internal clusterIP (example yaml provided by customer below) ~~~ apiVersion: v1 kind: Service metadata: labels: run: test name: test annotations: service.beta.kubernetes.io/azure-load-balancer-internal: "true" service.beta.kubernetes.io/azure-load-balancer-internal-subnet: paas1 spec: allocateLoadBalancerNodePorts: true externalTrafficPolicy: Cluster ##MODIFY THIS SPEC VALUE AND OBSERVE FAIL CONDITION internalTrafficPolicy: Cluster ipFamilies: - IPv4 ipFamilyPolicy: SingleStack ports: - port: 8000 protocol: TCP targetPort: 8000 selector: run: test sessionAffinity: None type: LoadBalancer ~~~ 3. curl against service succeeds 4. edit service to change `spec.externalTrafficPolicy: local` 5. observe externalIP does not change, but healthz port updates 6. curl against same externalIP:port time out indefinitely, no response. //workaround: delete service and redeploy with spec line set already to `local`, or delete ovnkube-node pod serving pod(s) to force refresh the local ruleset and allow traffic (curls subsequently will succeed).
spec change appears to update properly in the database but does not send a notification to update the ovnkube-node pod handlers (or similar) to allow traffic through once the externalTrafficPolicy spec value is changed.
spec change to service yaml should be immediately updated in DB AND update ovnkube-node handlers for same.
Attachments available and case number with specifics in next internal comment.
- depends on
OCPBUGS-2554 ingress, authentication and console operator goes to degraded after switching default application router scope
- links to