- Bug
- Resolution: Unresolved
- Major
- 4.13, 4.12, 4.14, 4.15, 4.16, 4.17, 4.18, 4.19, 4.20, 4.21, 4.22
- Quality / Stability / Reliability
- False
- Rejected
In a recent bug (https://issues.redhat.com/browse/OCPBUGS-59552) we saw how services with named target ports were overlooked in ovn-kubernetes and resulted in invalid iptables rules for services with ETP=local and allocateLoadBalancerNodePorts=false.
This is due to the fact that we use TargetPort.IntOrString() or even just TargetPort.String() in a few places in the code base when retrieving the target port number and (wrongly) expecting to always find an integer.
Looking at gateway_shared_intf.go, there are errors that we incur for the same reason when adding openflow rules for ETP=local services with local endpoints that are host-networked:
https://github.com/ovn-kubernetes/ovn-kubernetes/blob/master/go-controller/pkg/node/gateway_shared_intf.go#L302-L324
https://github.com/ovn-kubernetes/ovn-kubernetes/blob/master/go-controller/pkg/node/gateway_shared_intf.go#L507-L528
This should be fixed, since it leads to an attempt to inject invalid flows into br-ex and results in an error:
E0925 15:20:37.228390 1087 openflow_manager.go:131] Failed to add flows, error: exit status 1, stderr, ovs-ofctl: -:5: invalid nat range "172.20.0.3:diameterstack"
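
The failure described above and one way to guard against it, as an added example that is not ovn-kubernetes code: a named target port is resolved to a number before it is formatted into an "ip:port" nat range, and an unresolvable name is rejected instead of being passed on. The `intOrString` type is a local stand-in for the Kubernetes `intstr.IntOrString`; `resolveTargetPort`, `natRange` and the endpoint port map (including port 3868) are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
)

// intOrString is a local stand-in for Kubernetes' intstr.IntOrString so the
// example runs without external modules.
type intOrString struct {
	IsString bool
	IntVal   int32
	StrVal   string
}

// String mirrors the upstream behaviour: a named port comes back as its name.
func (t intOrString) String() string {
	if t.IsString {
		return t.StrVal
	}
	return strconv.Itoa(int(t.IntVal))
}

// resolveTargetPort (hypothetical helper) returns the numeric port. A named
// port is looked up in the name->number map taken from the endpoints.
func resolveTargetPort(tp intOrString, epPorts map[string]int32) (int32, error) {
	if !tp.IsString {
		return tp.IntVal, nil
	}
	if n, ok := epPorts[tp.StrVal]; ok && n > 0 && n <= 65535 {
		return n, nil
	}
	return 0, fmt.Errorf("named targetPort %q has no numeric endpoint port", tp.StrVal)
}

// natRange (hypothetical helper) builds the "ip:port" value for a nat action.
func natRange(ip string, tp intOrString, epPorts map[string]int32) (string, error) {
	port, err := resolveTargetPort(tp, epPorts)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%s:%d", ip, port), nil
}

func main() {
	tp := intOrString{IsString: true, StrVal: "diameterstack"}
	epPorts := map[string]int32{"diameterstack": 3868} // constructed sample
	fmt.Println("naive:   ", "172.20.0.3:"+tp.String())
	fixed, err := natRange("172.20.0.3", tp, epPorts)
	fmt.Println("resolved:", fixed, err)
}
```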