Automated cherry pick of #3371: Fix inability to access NodePort in particular case #3397

hongliangl
Contributor

Cherry pick of #3371 on release-1.5.

#3371: Fix inability to access NodePort in particular case

For details on the cherry pick process, see the cherry pick requests page.

@hongliangl hongliangl added the kind/cherry-pick Categorizes issue or PR as related to the cherry-pick of a bug fix from the main branch to a release label Mar 4, 2022

codecov-commenter commented Mar 4, 2022

Codecov Report

Merging #3397 (eb362e0) into release-1.5 (318ccde) will decrease coverage by 7.65%.
The diff coverage is 87.87%.

@@               Coverage Diff               @@
##           release-1.5    #3397      +/-   ##
===============================================
- Coverage        59.87%   52.21%   -7.66%     
===============================================
  Files              332      464     +132     
  Lines            28495    54702   +26207     
===============================================
+ Hits             17062    28565   +11503     
- Misses            9547    23676   +14129     
- Partials          1886     2461     +575     
| Flag | Coverage Δ |
|---|---|
| e2e-tests | 52.26% <87.87%> (?) |
| integration-tests | 34.02% <ø> (?) |
| kind-e2e-tests | 46.48% <70.83%> (-1.46%) ⬇️ |
| unit-tests | 41.43% <12.50%> (+0.02%) ⬆️ |

| Impacted Files | Coverage Δ |
|---|---|
| pkg/ovs/openflow/ofctrl_nxfields.go | 67.24% <76.92%> (+1.85%) ⬆️ |
| pkg/agent/openflow/pipeline.go | 69.46% <92.30%> (-4.41%) ⬇️ |
| pkg/ovs/openflow/ofctrl_action.go | 69.57% <100.00%> (-0.01%) ⬇️ |
| pkg/ovs/openflow/ofctrl_builder.go | 63.38% <100.00%> (+4.16%) ⬆️ |
| pkg/agent/cniserver/pod_configuration_linux.go | 26.31% <0.00%> (-40.36%) ⬇️ |
| pkg/controller/ipam/antrea_ipam_controller.go | 48.71% <0.00%> (-31.57%) ⬇️ |
| pkg/controller/networkpolicy/endpoint_querier.go | 61.46% <0.00%> (-29.97%) ⬇️ |
| pkg/controller/egress/controller.go | 62.19% <0.00%> (-26.26%) ⬇️ |
| .../registry/networkpolicy/clustergroupmember/rest.go | 64.28% <0.00%> (-23.95%) ⬇️ |
| pkg/agent/cniserver/ipam/antrea_ipam.go | 55.55% <0.00%> (-23.62%) ⬇️ |

... and 430 more

@hongliangl
Contributor Author

/test-all-features-conformance
/test-conformance
/test-e2e
/test-flexible-ipam-e2e
/test-ipv6-conformance
/test-ipv6-e2e
/test-ipv6-networkpolicy
/test-ipv6-only-conformance
/test-ipv6-only-e2e
/test-ipv6-only-networkpolicy
/test-multicluster-e2e
/test-networkpolicy
/test-windows-conformance
/test-windows-e2e
/test-windows-networkpolicy
/test-windows-proxyall-e2e
/test-integration

When a Service NodePort and an Egress CRD have the same backend Pod, accessing
the NodePort Service may fail in particular cases. Assume that the backend
Pod is on Node A and the Egress's external IP is on Node B. If an external
client (not any K8s Node) accesses the NodePort through the IP of Node A where
the backend Pod is running, the access will fail. The root cause is that the
reply packets of NodePort are incorrectly matched by the flow installed by Egress
which is used to match the packets sourced from local Pods and destined for
tunneling to Node B. This PR fixes the issue by loading NXM_NX_REG0[0..3]
(PktSourceField, field to mark packet source) to NXM_NX_CT_MARK[0..3] when the Service
connection is committed; then the reply packets of the Service connection sourced
from Antrea gateway can be matched by NXM_NX_CT_MARK[0..3] and forced back to
Antrea gateway.

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
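
The reply-path decision described in the commit message above, as an added Go model (not Antrea's code and not part of this PR). The mark values, addresses and output names are constructed for illustration; the page gives only the field names and bit ranges.

```go
package main

import "fmt"

// Constructed values: the page names the fields, not their encodings.
const (
	srcMask     uint32 = 0xf // bits [0..3] of reg0 and ct_mark (PktSourceField)
	fromGateway uint32 = 2   // hypothetical mark: packet entered via Antrea gateway
)

type conn struct{ client, pod string }

// conntrack maps a committed Service connection to its ct_mark.
type conntrack map[conn]uint32

// commit models committing a Service connection. With the fix,
// reg0[0..3] is loaded into ct_mark[0..3]; without it, the mark stays 0.
func (ct conntrack) commit(c conn, reg0 uint32, fixed bool) {
	var mark uint32
	if fixed {
		mark = reg0 & srcMask
	}
	ct[c] = mark
}

// forwardReply picks the output for a reply sent by a local Pod.
// egressPods holds Pods selected by an Egress whose external IP is on another Node.
func forwardReply(ct conntrack, c conn, egressPods map[string]bool) string {
	if mark, ok := ct[c]; ok && mark&srcMask == fromGateway {
		return "gateway" // request came in through the gateway: force the reply back
	}
	if egressPods[c.pod] {
		return "tunnel" // Egress flow: Pod-sourced traffic tunneled to the Egress Node
	}
	return "gateway"
}

// simulate replays the failing case: an external client reaches the NodePort
// on Node A, and the backend Pod on Node A is also selected by an Egress on Node B.
func simulate(fixed bool) string {
	ct := conntrack{}
	c := conn{client: "203.0.113.10", pod: "10.10.0.5"} // constructed addresses
	ct.commit(c, fromGateway, fixed)
	return forwardReply(ct, c, map[string]bool{c.pod: true})
}

func main() {
	fmt.Println("before fix:", simulate(false)) // reply leaves via the tunnel, client never sees it
	fmt.Println("after fix: ", simulate(true))  // reply returns through the gateway
}
```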
@hongliangl hongliangl force-pushed the automated-cherry-pick-of-#3371-upstream-release-1.5 branch from 334dab3 to eb362e0 Compare March 4, 2022 13:25
@hongliangl
Contributor Author

/test-all-features-conformance
/test-conformance
/test-e2e
/test-flexible-ipam-e2e
/test-ipv6-conformance
/test-ipv6-e2e
/test-ipv6-networkpolicy
/test-ipv6-only-conformance
/test-ipv6-only-e2e
/test-ipv6-only-networkpolicy
/test-multicluster-e2e
/test-networkpolicy
/test-windows-conformance
/test-windows-e2e
/test-windows-networkpolicy
/test-windows-proxyall-e2e
/test-integration

@tnqn tnqn merged commit 8b2deb2 into antrea-io:release-1.5 Mar 7, 2022
@hongliangl hongliangl deleted the automated-cherry-pick-of-#3371-upstream-release-1.5 branch April 21, 2022 01:00