-
Bug
-
Resolution: Done
-
Critical
-
4.18.z
-
Quality / Stability / Reliability
-
False
-
-
None
-
Critical
-
None
-
None
-
None
-
CORENET Sprint 274, CORENET Sprint 275
-
2
-
contract-priority
-
-
In Progress
-
Release Note Not Required
-
N/A
-
None
-
None
-
None
-
None
Description of problem:
When accessing external resource from a pod backed by the EgressService it doesn't uses IP address of the service(type LoadBalancer):
oc rsh -n rds-egress-ns deploy/rds-egress-deploy2 ~ $ curl -Lv http://10.46.187.195:9090/clientip * Trying 10.46.187.195:9090... * Connected to 10.46.187.195 (10.46.187.195) port 9090 (#0) > GET /clientip HTTP/1.1 > Host: 10.46.187.195:9090 > User-Agent: curl/7.69.1 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Date: Wed, 12 Mar 2025 15:46:09 GMT < Content-Length: 19 < Content-Type: text/plain; charset=utf-8 < * Connection #0 to host 10.46.187.195 left intact 10.46.187.204:55518~ $
while IP address configured on the LoadBalancer service is 192.200.10.3
apiVersion: v1
kind: Service
metadata:
annotations:
metallb.io/ip-allocated-from-pool: rds-local-pool
metallb.universe.tf/address-pool: rds-local-pool
creationTimestamp: "2025-03-12T14:24:03Z"
name: egress-svc-2
namespace: rds-egress-ns
resourceVersion: "102862"
uid: 544432cb-b911-4d82-a4b0-36bb80bffe34
spec:
allocateLoadBalancerNodePorts: true
clusterIP: 172.30.209.24
clusterIPs:
- 172.30.209.24
- fd02::8d50
externalTrafficPolicy: Local
healthCheckNodePort: 31117
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
- IPv6
ipFamilyPolicy: RequireDualStack
ports:
- nodePort: 32604
port: 9090
protocol: TCP
targetPort: 9090
selector:
rds-egress: rds-core-2
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
ingress:
- ip: 192.200.10.3
ipMode: VIP
- ip: fd12:2222:3333:4444::3
ipMode: VIP
Respective EgressService:
oc get egressservices.k8s.ovn.org -n rds-egress-ns egress-svc-2 -o yaml
apiVersion: k8s.ovn.org/v1
kind: EgressService
metadata:
creationTimestamp: "2025-03-12T14:24:03Z"
generation: 1
name: egress-svc-2
namespace: rds-egress-ns
resourceVersion: "102871"
uid: c1a5f802-8ba9-47dd-8b08-f2590daac136
spec:
network: "999"
nodeSelector:
matchLabels:
node-role.kubernetes.io/standard: ""
sourceIPBy: LoadBalancerIP
status:
host: openshift-worker-1
Version-Release number of selected component (if applicable):
4.18.4
How reproducible:
This happens on the newly deployed clusters only. After cluster's hard/soft reboot service starts working
Steps to Reproduce:
1. Deploy and configure dual stack baremetal cluster
2. Follow doc to configure symmetric routing with MetalLB (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/networking/load-balancing-with-metallb#metallb-configure-return-traffic)
3. Access external resource from a pod backed by EgressService
Actual results:
Source IP address from the request doesn't match IP address from the associated service(of type LoadBalancer)
Expected results:
Source IP address from the request matches IP address from the associated service(of type LoadBalancer)
