Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-765

egressIP feature does not work after upgrade from OCP 4.7 to OCP 4.8

    XMLWordPrintable

Details

    • Bug
    • Status: New
    • Major
    • Resolution: Unresolved
    • ossm 1.1.13
    • None
    • Maistra
    • None
    • False
    • False
    • Compatibility/Configuration

    Description

      Dear team,

      I'd like to report possible bug in OpenShift ServiceMesh. This is related to

      https://access.redhat.com/support/cases/#/case/03071511 support case.

      It looks OpenShift ServiceMesh is not compatible with OpenShift 4.8 egressIP feature.

      We use egressIP for one of our projects, after OpenShift cluster has been upgraded to version 4.8 this feature stopped working. During troubleshooting I discovered that it might be because network traffic is blocked by NetworkPolicy that is created in project namespace when project is added to ServiceMesh via ServiceMeshMember resource.

      Only workaround I was able to find is to "open" ingress for all cluster namespaces via following NetworkPolicy

      # FIXME: Allow ingress from all namespaces
      # This is a workaround to allow egressIP feature
      # See https://access.redhat.com/support/cases/#/case/03071511
      apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      metadata:
        name: istio-allow-egressip
      spec:
        ingress:
          - from:
              - namespaceSelector: {}
        podSelector: {}

      Is it possible that OpenShift egressIP and Openshift ServiceMesh have some conflicts that acutally blocks egressIP feature to work? Would you propose another workaround?

      Attachments

        Activity

          People

            Unassigned Unassigned
            xeops-px207 Jakub Slatinsky (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: