-
Bug
-
Resolution: Unresolved
-
Critical
-
4.18.z
-
Quality / Stability / Reliability
-
False
-
-
None
-
Critical
-
None
-
None
-
None
-
CORENET Sprint 274, CORENET Sprint 275
-
2
-
contract-priority
-
-
In Progress
-
Release Note Not Required
-
N/A
-
None
-
None
-
None
-
None
Description of problem:
When accessing external resource from a pod backed by the EgressService it doesn't uses IP address of the service(type LoadBalancer):
oc rsh -n rds-egress-ns deploy/rds-egress-deploy2 ~ $ curl -Lv http://10.46.187.195:9090/clientip * Trying 10.46.187.195:9090... * Connected to 10.46.187.195 (10.46.187.195) port 9090 (#0) > GET /clientip HTTP/1.1 > Host: 10.46.187.195:9090 > User-Agent: curl/7.69.1 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Date: Wed, 12 Mar 2025 15:46:09 GMT < Content-Length: 19 < Content-Type: text/plain; charset=utf-8 < * Connection #0 to host 10.46.187.195 left intact 10.46.187.204:55518~ $
while IP address configured on the LoadBalancer service is 192.200.10.3
apiVersion: v1 kind: Service metadata: annotations: metallb.io/ip-allocated-from-pool: rds-local-pool metallb.universe.tf/address-pool: rds-local-pool creationTimestamp: "2025-03-12T14:24:03Z" name: egress-svc-2 namespace: rds-egress-ns resourceVersion: "102862" uid: 544432cb-b911-4d82-a4b0-36bb80bffe34 spec: allocateLoadBalancerNodePorts: true clusterIP: 172.30.209.24 clusterIPs: - 172.30.209.24 - fd02::8d50 externalTrafficPolicy: Local healthCheckNodePort: 31117 internalTrafficPolicy: Cluster ipFamilies: - IPv4 - IPv6 ipFamilyPolicy: RequireDualStack ports: - nodePort: 32604 port: 9090 protocol: TCP targetPort: 9090 selector: rds-egress: rds-core-2 sessionAffinity: None type: LoadBalancer status: loadBalancer: ingress: - ip: 192.200.10.3 ipMode: VIP - ip: fd12:2222:3333:4444::3 ipMode: VIP
Respective EgressService:
oc get egressservices.k8s.ovn.org -n rds-egress-ns egress-svc-2 -o yaml apiVersion: k8s.ovn.org/v1 kind: EgressService metadata: creationTimestamp: "2025-03-12T14:24:03Z" generation: 1 name: egress-svc-2 namespace: rds-egress-ns resourceVersion: "102871" uid: c1a5f802-8ba9-47dd-8b08-f2590daac136 spec: network: "999" nodeSelector: matchLabels: node-role.kubernetes.io/standard: "" sourceIPBy: LoadBalancerIP status: host: openshift-worker-1
Version-Release number of selected component (if applicable):
4.18.4
How reproducible:
This happens on the newly deployed clusters only. After cluster's hard/soft reboot service starts working
Steps to Reproduce:
1. Deploy and configure dual stack baremetal cluster
2. Follow doc to configure symmetric routing with MetalLB (https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/networking/load-balancing-with-metallb#metallb-configure-return-traffic)
3. Access external resource from a pod backed by EgressService
Actual results:
Source IP address from the request doesn't match IP address from the associated service(of type LoadBalancer)
Expected results:
Source IP address from the request matches IP address from the associated service(of type LoadBalancer)