-
Notifications
You must be signed in to change notification settings - Fork 328
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCPBUGS-46529: kubevirt, Don't break on hostname NodePort.Address #5313
OCPBUGS-46529: kubevirt, Don't break on hostname NodePort.Address #5313
Conversation
@qinqon: This pull request references Jira Issue OCPBUGS-46529, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/jira refresh |
@qinqon: This pull request references Jira Issue OCPBUGS-46529, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/cc @orenc1 @davidvossel |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
if the hostname points to a LB that then redirects traffic to the baremetal nodes, then this solution of skipping the NP will be fine.
However, if someone attempts to point the hostname's DNS entry directly to one of the infra cluster's nodes, then it's possible the VM pods won't be able to connect to the api server using the baremetal node's IP due to lack of network policy.
in that second scenario, my expectation is that someone creates a network policy to allow the traffic to flow from the VMs to the host network. There's no practical way I'm aware of we can use to detect which scenario (LB vs usage of node IPs directly) is in use in order to auto create the NP in the event hostname is in use. For example, a DNS lookup wouldn't necessarily help here because the DNS could be doing some round robin strategy when it hands out IPs, so us trying to infer anything from DNS wouldn't be accurate.
Anyway... This is all to say, i think your PR is accurate, and we probably need to account for how to handle NodePort + Hostname for the kubevirt platform in documentation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: davidvossel, qinqon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Using a hostname at NodePort service strategy is allowed by the api but the kubevirt provider breaks trying to check if it's an ipv4 or ipv6 to populate a network policy, this change skip that network policy because hostname would be an external address so no network policy is needed. Signed-off-by: Enrique Llorente <[email protected]>
a604f8e
to
4661fc0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
@qinqon: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
ef4835d
into
openshift:main
@qinqon: Jira Issue OCPBUGS-46529: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-46529 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/cherry-pick release-4.18 |
@qinqon: new pull request created: #5317 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
What this PR does / why we need it:
Using a hostname at NodePort service strategy is allowed by the api but the kubevirt provider breaks trying to check if it's an ipv4 or ipv6 to populate a network policy, this change skip that network policy because hostname would be an external address so no network policy is needed.
Which issue(s) this PR fixes
Fixes #OCPBUGS-46529
Checklist