Source pod ip is not preserved when contacting a cluster ip service #11042
Comments
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
openshift-ci-robot
added
lifecycle/rotten
|
Not clear if we're going to fix this before migrating everyone to OVN, but we don't want the issue auto-closed /remove-lifecycle rotten |
openshift-ci-robot
added
lifecycle/frozen
|
This works for ovs-networkpolicy, and is not going to be fixed for ovs-multitenant. |
|
@danwinship: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
A kube e2e test was added to validate preservation of the pod source ip when contacting a service:
kubernetes/kubernetes#30739
This test currently fails when run against origin. According to @danwinship, this is due to docker adding a rule ensuring that anything with a source IP in lbr0's network and destination IP outside of lbr0's network is masqueraded. The result is that a pod IP (e.g. x.x.x.5) would appear to the service ip as the lbr0 gateway (e.g. x.x.x.1).
The e2e in question will be skipped until this issue is resolved.
cc: @openshift/networking
The text was updated successfully, but these errors were encountered: