Loading...

Type: Bug
Resolution: Not a Bug
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.18.z
Component/s: Networking / ovn-kubernetes
Labels:

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Moderate
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
None
Release Note Type:
Known Issue
Release Note Text:
Only kapi and dns are reachable from udn pods, image registry is not.

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Requests to internal image registry "image-registry.openshift-image-registry.svc:5000" from a pod running inside a namespace with UDN configured fails with timeout error.

For example, S2I builds will fail due to this.

$ cat << EOF | oc apply -f -
apiVersion: v1
kind: Namespace
metadata:
  name: loadbalancer
  labels:
    k8s.ovn.org/primary-user-defined-network: ""
EOF
namespace/loadbalancer created



$ oc project loadbalancer


$ cat << EOF | oc apply -f -
apiVersion: k8s.ovn.org/v1
kind: UserDefinedNetwork
metadata:
  name: udn
  namespace: loadbalancer
spec:
  topology: Layer2 
  layer2: 
    role: Primary 
    subnets:
      - "192.168.0.0/24"
EOF



$ oc new-app rails-postgresql-example
--> Deploying template "loadbalancer/rails-postgresql-example" to project loadbalancer     Rails + PostgreSQL (Ephemeral)
     ---------
     An example Rails application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/rails-ex/blob/master/README.md.
     
     WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.     The following service(s) have been created in your project: rails-postgresql-example, postgresql.
     
     For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/rails-ex/blob/master/README.md.     * With parameters:
        * Name=rails-postgresql-example
        * Namespace=openshift
        * Ruby Version=3.1-ubi8
        * Postgresql Version=12-el8
        * Memory Limit=512Mi
        * Memory Limit (PostgreSQL)=512Mi
        * Git Repository URL=https://github.com/sclorg/rails-ex.git
        * Git Reference=
        * Context Directory=
        * Application Hostname=
        * GitHub Webhook Secret=TclCsQxcHPp8qmgPR5VyMFX37WxdLfq0Q1N205R1 # generated
        * Secret Key=ql4okifgs7h5stec5cupeq6by3o38ajs31056hd2w4bwigjqg5quojrdasutkr8x3j7t02p317t8ug6dtp2enoyomney4bk7sdbgb8kxic4wvi3xswq5ccny3b0ybtr # generated
        * Application Username=openshift
        * Application Password=secret
        * Rails Environment=production
        * Database Service Name=postgresql
        * Database Username=userREB # generated
        * Database Password=6HC1gy0R # generated
        * Database Name=root
        * Maximum Database Connections=100
        * Shared Buffer Amount=12MB
        * Custom RubyGems Mirror URL=--> Creating resources ...
    secret "rails-postgresql-example" created
    service "rails-postgresql-example" created
    route.route.openshift.io "rails-postgresql-example" created
    imagestream.image.openshift.io "rails-postgresql-example" created
    buildconfig.build.openshift.io "rails-postgresql-example" created
    deployment.apps "rails-postgresql-example" created
    service "postgresql" created
    deployment.apps "postgresql" created
--> Success
    Access your application via route 'rails-postgresql-example-loadbalancer.apps.aygarg.indiashift.support' 
    Build scheduled, use 'oc logs -f buildconfig/rails-postgresql-example' to track its progress.
    Run 'oc status' to view your app.



$ oc get pod
NAME                               READY   STATUS    RESTARTS   AGE
postgresql-c55f59794-89vj2         1/1     Running   0          20m
rails-postgresql-example-1-build   0/1     Error     0          20m


oc logs rails-postgresql-example-1-build -f
Defaulted container "sti-build" out of: sti-build, git-clone (init), manage-dockerfile (init)
time="2025-04-07T18:10:25Z" level=info msg="Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled"
I0407 18:10:25.319317       1 defaults.go:112] Defaulting to storage driver "overlay" with options [mountopt=metacopy=on].
Caching blobs under "/var/cache/blobs".
Trying to pull image-registry.openshift-image-registry.svc:5000/openshift/ruby@sha256:d01fda50222b7d9ff402bf8c632642db8a8ce55280bf6c5c569428803d6f519d...
time="2025-04-07T18:11:25Z" level=warning msg="Failed, retrying in 1s ... (1/3). Error: initializing source docker://image-registry.openshift-image-registry.svc:5000/openshift/ruby@sha256:d01fda50222b7d9ff402bf8c632642db8a8ce55280bf6c5c569428803d6f519d: pinging container registry image-registry.openshift-image-registry.svc:5000: Get \"https://image-registry.openshift-image-registry.svc:5000/v2/\": dial tcp 172.30.235.63:5000: i/o timeout"
time="2025-04-07T18:12:26Z" level=warning msg="Failed, retrying in 2s ... (2/3). Error: initializing source docker://image-registry.openshift-image-registry.svc:5000/openshift/ruby@sha256:d01fda50222b7d9ff402bf8c632642db8a8ce55280bf6c5c569428803d6f519d: pinging container registry image-registry.openshift-image-registry.svc:5000: Get \"https://image-registry.openshift-image-registry.svc:5000/v2/\": dial tcp 172.30.235.63:5000: i/o timeout"
time="2025-04-07T18:13:28Z" level=warning msg="Failed, retrying in 4s ... (3/3). Error: initializing source docker://image-registry.openshift-image-registry.svc:5000/openshift/ruby@sha256:d01fda50222b7d9ff402bf8c632642db8a8ce55280bf6c5c569428803d6f519d: pinging container registry image-registry.openshift-image-registry.svc:5000: Get \"https://image-registry.openshift-image-registry.svc:5000/v2/\": dial tcp 172.30.235.63:5000: i/o timeout"
Warning: Pull failed, retrying in 5s ...
Trying to pull image-registry.openshift-image-registry.svc:5000/openshift/ruby@sha256:d01fda50222b7d9ff402bf8c632642db8a8ce55280bf6c5c569428803d6f519d...
time="2025-04-07T18:15:37Z" level=warning msg="Failed, retrying in 1s ... (1/3). Error: initializing source docker://image-registry.openshift-image-registry.svc:5000/openshift/ruby@sha256:d01fda50222b7d9ff402bf8c632642db8a8ce55280bf6c5c569428803d6f519d: pinging container registry image-registry.openshift-image-registry.svc:5000: Get \"https://image-registry.openshift-image-registry.svc:5000/v2/\": dial tcp 172.30.235.63:5000: i/o timeout"
time="2025-04-07T18:16:38Z" level=warning msg="Failed, retrying in 2s ... (2/3). Error: initializing source docker://image-registry.openshift-image-registry.svc:5000/openshift/ruby@sha256:d01fda50222b7d9ff402bf8c632642db8a8ce55280bf6c5c569428803d6f519d: pinging container registry image-registry.openshift-image-registry.svc:5000: Get \"https://image-registry.openshift-image-registry.svc:5000/v2/\": dial tcp 172.30.235.63:5000: i/o timeout"
time="2025-04-07T18:17:40Z" level=warning msg="Failed, retrying in 4s ... (3/3). Error: initializing source docker://image-registry.openshift-image-registry.svc:5000/openshift/ruby@sha256:d01fda50222b7d9ff402bf8c632642db8a8ce55280bf6c5c569428803d6f519d: pinging container registry image-registry.openshift-image-registry.svc:5000: Get \"https://image-registry.openshift-image-registry.svc:5000/v2/\": dial tcp 172.30.235.63:5000: i/o timeout"
Warning: Pull failed, retrying in 5s ...
Trying to pull image-registry.openshift-image-registry.svc:5000/openshift/ruby@sha256:d01fda50222b7d9ff402bf8c632642db8a8ce55280bf6c5c569428803d6f519d...
time="2025-04-07T18:19:49Z" level=warning msg="Failed, retrying in 1s ... (1/3). Error: initializing source docker://image-registry.openshift-image-registry.svc:5000/openshift/ruby@sha256:d01fda50222b7d9ff402bf8c632642db8a8ce55280bf6c5c569428803d6f519d: pinging container registry image-registry.openshift-image-registry.svc:5000: Get \"https://image-registry.openshift-image-registry.svc:5000/v2/\": dial tcp 172.30.235.63:5000: i/o timeout"
time="2025-04-07T18:20:50Z" level=warning msg="Failed, retrying in 2s ... (2/3). Error: initializing source docker://image-registry.openshift-image-registry.svc:5000/openshift/ruby@sha256:d01fda50222b7d9ff402bf8c632642db8a8ce55280bf6c5c569428803d6f519d: pinging container registry image-registry.openshift-image-registry.svc:5000: Get \"https://image-registry.openshift-image-registry.svc:5000/v2/\": dial tcp 172.30.235.63:5000: i/o timeout"
time="2025-04-07T18:21:52Z" level=warning msg="Failed, retrying in 4s ... (3/3). Error: initializing source docker://image-registry.openshift-image-registry.svc:5000/openshift/ruby@sha256:d01fda50222b7d9ff402bf8c632642db8a8ce55280bf6c5c569428803d6f519d: pinging container registry image-registry.openshift-image-registry.svc:5000: Get \"https://image-registry.openshift-image-registry.svc:5000/v2/\": dial tcp 172.30.235.63:5000: i/o timeout"
Warning: Pull failed, retrying in 5s ...
error: build error: After retrying 2 times, Pull image still failed due to error: initializing source docker://image-registry.openshift-image-registry.svc:5000/openshift/ruby@sha256:d01fda50222b7d9ff402bf8c632642db8a8ce55280bf6c5c569428803d6f519d: pinging container registry image-registry.openshift-image-registry.svc:5000: Get "https://image-registry.openshift-image-registry.svc:5000/v2/": dial tcp 172.30.235.63:5000: i/o timeout

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates

Hide