Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-5562

Update default policy in iptables' chains with OVN-K config scripts

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Done
    • Icon: Major Major
    • None
    • None
    • SDN
    • None
    • False
    • None
    • False
    • Not Selected

      1. Proposed title of this feature request

      Update default policy in iptables' chains with OVN-K config scripts

      2. What is the nature and description of the request?

      PLATFORM: 4.14 OVN-K based OCP cluster with RHEL workers (upgraded from previous versions)

      The current default policy is ACCEPT by OVN-K, 

      • This is about RHEL worker only, since it uses default DROP in iptables - coreOS has default ACCEPT, 
      • default OVN rules get appended on boot, but few are missing, so certain traffic type (case description) is dropped, leading to e.g. lack of communication to k8s API via default svc

      The request here is to make the default DROP and relevant/missing rules to be added along with other OVN-K configurations upon node boot.

      3. Why does the customer need this? (List the business requirements here)

      Customer is adding missing rules manually.

      4. List any affected packages or components.

      OVN-K

              mcurry@redhat.com Marc Curry
              rhn-support-chdeshpa Chinmay Deshpande
              Deepthi Dharwar
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: