Fix egress services issue #4056
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
andreaskaris
requested review from
trozet,
dcbw,
girishmg and
jcaamano
as code owners
andreaskaris
force-pushed
the
fix-egress-services-issue
branch
2 times, most recently
from
b847da9
to
3bf2c6a
Compare
|
Changes unknown |
andreaskaris
force-pushed
the
fix-egress-services-issue
branch
3 times, most recently
from
9fc3fc7
to
403b42e
Compare
ovnkube-single-node-zone templates now correctly forward the OVN_DISABLE_FORWARDING variable to ovnkube-node. Signed-off-by: Andreas Karis <ak.karis@gmail.com>
Signed-off-by: Andreas Karis <ak.karis@gmail.com>
EgressIP failover can take a while and test case e2e (control-plane, noHA, shared, ipv4, SnatGW, 1br, ic-single-node-zones, disable-forwarding) seems to be more susceptible to these timeouts. Bump the timeout by a factor of 3 to reduce the chance of encountering flakes. Signed-off-by: Andreas Karis <ak.karis@gmail.com>
andreaskaris
force-pushed
the
fix-egress-services-issue
branch
from
403b42e
to
eabd091
Compare
Commit f062cbb introduced a default FORWARD DROP for breth0 and allow-listed Service CIDRs and the masquerade IPs. However, this breaks Egress Service traffic. Add the ClusterCIDRs to the allow-list. Reported-at: ovn-org#4042 Signed-off-by: Andreas Karis <ak.karis@gmail.com>
andreaskaris
force-pushed
the
fix-egress-services-issue
branch
from
eabd091
to
442747f
Compare
trozet
approved these changes
Jan 5, 2024
| @@ -404,6 +405,7 @@ jobs: | |||
| - {"target": "external-gateway", "ha": "noHA", "gateway-mode": "local", "ipfamily": "ipv4", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"} | |||
| - {"target": "kv-live-migration", "ha": "noHA", "gateway-mode": "local", "ipfamily": "ipv4", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-disabled"} | |||
| - {"target": "kv-live-migration", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "dualstack", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"} | |||
| - {"target": "control-plane", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones", "forwarding": "disable-forwarding"} | |||
There was a problem hiding this comment.
good idea, now that we have more CI resources this should be fine
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix egress services issue
Upstream bug: #4042
Downstream bug: https://issues.redhat.com/browse/OCPBUGS-25637
See this PR which demonstrates the issue: #4055