Allow egress-router to connect to cluster service network for DNS, etc. #20094
Conversation
openshift-ci-robot
added
the
size/M
openshift-ci-robot
added
the
approved
|
/hold |
openshift-ci-robot
added
the
do-not-merge/hold
|
@openshift/sig-networking PTAL |
| @@ -213,11 +213,23 @@ func (p *cniPlugin) CmdAdd(args *skel.CmdArgs) error { | |||
| }, | |||
| Gw: defaultGW, | |||
| } | |||
| err = netlink.RouteAdd(route) | |||
| if err != nil { | |||
| if err := netlink.RouteAdd(route); err != nil { | |||
| return fmt.Errorf("failed to configure macvlan device: %v", err) | |||
There was a problem hiding this comment.
let's fix up the lame error messages here, for future debugging purposes. "failed to add route to node IP: %v"
| // Add a route to service network via SDN | ||
| _, serviceIPNet, err := net.ParseCIDR(config.ServiceNetworkCIDR) | ||
| if err != nil { | ||
| return fmt.Errorf("failed to configure macvlan device: %v", err) |
There was a problem hiding this comment.
This doesn't really matter much since it should be "can't happen", but, "failed to parse ServiceNetworkCIDR: %v"
| Gw: defaultGW, | ||
| } | ||
| if err := netlink.RouteAdd(route); err != nil { | ||
| return fmt.Errorf("failed to configure macvlan device: %v", err) |
There was a problem hiding this comment.
"failed to add route to service network: %v"
pravisankar
force-pushed
the
egress-router-add-svc-route
branch
from
f25605a to
d7c576b
Compare
|
/retest |
openshift#19885 allows egress routers to connect to the node IP but when openshift node is configured to use service network IP as DNS IP then egress router pod will not be able to resolve DNS requests. This change will address this issue.
pravisankar
force-pushed
the
egress-router-add-svc-route
branch
from
d7c576b to
339dccb
Compare
|
code looks good |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: danwinship, pravisankar The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@pravisankar Do you want to have this go in to 3.10? If so, you need to pull the hold today... are we concerned that there is risk introduced by this? |
|
@knobunc @danwinship @imcsk8 So this PR only handles (1) but not (2). To cover all the cases, we really need to pass DNS IP to SDN and to the sdn-cni-plugin and then need to add a route to DNS IP via SDN. |
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
I'm okay with handling (2) above as a separate PR. Can you add a bug or card to track it please? |
|
/cherrypick release-3.10 |
|
@pravisankar: new pull request created: #20102 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
#19885 allows egress routers to
connect to the node IP but when openshift node is configured to use
service network IP as DNS IP then egress router pod will not be able
to resolve DNS requests. This change will address this issue.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1594958