New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCPBUGS-13885: [release-4.12] Drop packets that were not properly SNATed #1679
OCPBUGS-13885: [release-4.12] Drop packets that were not properly SNATed #1679
Conversation
Signed-off-by: Patryk Diak <pdiak@redhat.com> (cherry picked from commit 7c856ae)
This commit doesn't bring any logical changes. It tries to improve readability and enable future changes. Signed-off-by: Patryk Diak <pdiak@redhat.com> (cherry picked from commit 9604a9c)
Commit egress IP pod assignment as one transaction with the following ops: 1. Add SNAT towards egress IP on egress gw router 2. Add a router policy to forward pod traffic to the egress node 3. Delete SNAT towards nodeIP(only if the egress node is the same as the pod host) Commit egress IP pod removal as one transaction with the following ops: 1. Add SNAT towards nodeIP(only if the egress node is the same as the pod host) 2. Remove router policy that forwards pod traffic to the egress node 3. Remove SNAT towards egress IP from the egress node Signed-off-by: Patryk Diak <pdiak@redhat.com> (cherry picked from commit ead05f8)
…y SNATed Egress IP is often configured on a node different from the one hosting the affected pod. Due to the fact that ovn-controllers on different nodes apply the changes independently, there is a chance that the pod traffic will reach the egress node before it configures the SNAT flows. Drop pod traffic that is not SNATed, excluding local pods(required for ICNI) Signed-off-by: Patryk Diak <pdiak@redhat.com> (cherry picked from commit 39b55de) (cherry picked from commit 3fd2a22)
/jira cherrypick OCPBUGS-12864 |
@kyrtapz: Jira Issue OCPBUGS-12864 has been cloned as Jira Issue OCPBUGS-13885. Will retitle bug to link to clone. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@kyrtapz: This pull request references Jira Issue OCPBUGS-13885, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest-required |
/ocpbugs cc-qa |
/label qe-approved |
/jira refresh |
@kyrtapz: This pull request references Jira Issue OCPBUGS-13885, which is valid. 6 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest-required |
/assign @martinkennelly |
@martinkennelly @trozet ptal |
/retest |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jcaamano, kyrtapz, martinkennelly The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/label cherry-pick-approved |
/retest-required |
/hold Revision 45838ae was retested 3 times: holding |
/retest-required |
/hold cancel |
/test e2e-aws-ovn-upgrade-local-gateway |
/test e2e-gcp-ovn |
/test 4.12-upgrade-from-stable-4.11-e2e-aws-ovn-upgrade |
@kyrtapz: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
58fff18
into
openshift:release-4.12
@kyrtapz: Jira Issue OCPBUGS-13885: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-13885 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Manual backport of #1662 and ovn-org/ovn-kubernetes#3349.
There were conflicts in all but the second commit due to the general differences between 4.12 and 4.13 releases.