Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-4.9] Bug 2090624: Masquerade in cluster traffic that is marked for egress IP #433

Merged
merged 2 commits into from Jun 1, 2022
Merged

[release-4.9] Bug 2090624: Masquerade in cluster traffic that is marked for egress IP #433

merged 2 commits into from Jun 1, 2022

Conversation

openshift-cherrypick-robot
Copy link

This is an automated cherry-pick of #430

/assign kyrtapz

@kyrtapz
Masquerade traffic marked for egress IP that was DNATed to an IP in c…
af6367d 
…luster network.

In a scenario where an ExternalIP/LoadBalancer is used by a pod with an egress IP configured the packets will be marked and redirected to the egress node using ovs flows.
On the egress node, the traffic will be DNATed to an IP that is in the cluster network. Instead of SNATing to an egress IP masquerade the outgoing packets to ensure that the response traffic is sent back through the same node.

Signed-off-by: Patryk Diak <pdiak@redhat.com>
(cherry picked from commit caa3f51)
@kyrtapz
Exclude the default drop bit from egress IP VNID
8cce619 
This is needed for egress IP traffic that is DNATed to a local IP(ExternalIP/LoadBalancer).
This type of traffic traverses KUBE-FIREWALL chain which drops packets marked with the default drop bit.

Signed-off-by: Patryk Diak <pdiak@redhat.com>
(cherry picked from commit ce6a051)
@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request May 26, 2022
Merged
@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 26, 2022

@openshift-cherrypick-robot: Bugzilla bug 2082451 has been cloned as Bugzilla bug 2090624. Retitling PR to link against new bug.
/retitle [release-4.9] Bug 2090624: Masquerade in cluster traffic that is marked for egress IP

In response to this:

[release-4.9] Bug 2082451: Masquerade in cluster traffic that is marked for egress IP

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot changed the title [release-4.9] Bug 2082451: Masquerade in cluster traffic that is marked for egress IP [release-4.9] Bug 2090624: Masquerade in cluster traffic that is marked for egress IP May 26, 2022
@openshift-ci openshift-ci bot added bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels May 26, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 26, 2022

@openshift-cherrypick-robot: This pull request references Bugzilla bug 2090624, which is invalid:

  • expected dependent Bugzilla bug 2082451 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

[release-4.9] Bug 2090624: Masquerade in cluster traffic that is marked for egress IP

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot requested review from aojea and squeed May 26, 2022 07:16
@kyrtapz
Copy link
Contributor

kyrtapz commented May 26, 2022

/bugzilla refresh

@openshift-ci openshift-ci bot added bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels May 26, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 26, 2022

@kyrtapz: This pull request references Bugzilla bug 2090624, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.9.z) matches configured target release for branch (4.9.z)
  • bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 2082451 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE))
  • dependent Bugzilla bug 2082451 targets the "4.10.z" release, which is one of the valid target releases: 4.10.0, 4.10.z
  • bug has dependents

Requesting review from QA contact:
/cc @huiran0826

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot requested a review from huiran0826 May 26, 2022 13:18
@huiran0826
Copy link

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label May 27, 2022
@kyrtapz
Copy link
Contributor

kyrtapz commented May 31, 2022

/cherry-pick release-4.8

@openshift-cherrypick-robot
Copy link
Author

@kyrtapz: once the present PR merges, I will cherry-pick it on top of release-4.8 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.8

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@kyrtapz
Copy link
Contributor

kyrtapz commented May 31, 2022

/retest

1 similar comment
@kyrtapz
Copy link
Contributor

kyrtapz commented May 31, 2022

/retest

@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 31, 2022

@openshift-cherrypick-robot: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@danwinship
Copy link
Contributor

/lgtm
/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label May 31, 2022
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 31, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 31, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danwinship, openshift-cherrypick-robot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 31, 2022
@huiran0826
Copy link

/label cherry-pick-approved

@openshift-ci openshift-ci bot added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Jun 1, 2022
@openshift-merge-robot openshift-merge-robot merged commit 70b81e7 into openshift:release-4.9 Jun 1, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 1, 2022

@openshift-cherrypick-robot: All pull requests linked via external trackers have merged:

Bugzilla bug 2090624 has been moved to the MODIFIED state.

In response to this:

[release-4.9] Bug 2090624: Masquerade in cluster traffic that is marked for egress IP

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Jun 1, 2022
Merged
@openshift-cherrypick-robot
Copy link
Author

@kyrtapz: new pull request created: #435

In response to this:

/cherry-pick release-4.8

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aojea aojea Awaiting requested review from aojea

@squeed squeed Awaiting requested review from squeed

@huiran0826 huiran0826 Awaiting requested review from huiran0826

Assignees

@danwinship danwinship

@kyrtapz kyrtapz

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm Indicates that a PR is ready to be merged. qe-approved Signifies that QE has signed off on this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@openshift-cherrypick-robot @kyrtapz @huiran0826 @danwinship @openshift-merge-robot