kcp-dev / contrib-tmc

An experimental add-on re-adding some Kubernetes compute APIs and implementing transparent multi-cluster scheduling
Apache License 2.0

bug: network policies break internal cluster communication on OpenShift #26

Open astefanutti opened 1 year ago

astefanutti commented 1 year ago

Describe the bug

The network policies that are created by the kcp-dns deployments for each workspace break intra-cluster communication on OpenShift, with the following errors in the kcp-dns-xxx deployments:

[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. A: read udp 10.131.1.59:50962->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. AAAA: read udp 10.131.1.59:50318->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. A: read udp 10.131.1.59:40727->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. AAAA: read udp 10.131.1.59:35334->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. A: read udp 10.131.1.59:57903->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. AAAA: read udp 10.131.1.59:37753->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. A: read udp 10.131.1.59:58677->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. AAAA: read udp 10.131.1.59:58091->172.30.0.10:53: i/o timeout

Steps To Reproduce

  1. Create a sync target that points to an OpenShift cluster
  2. Deploy the syncer components on that OpenShift cluster
  3. Create a namespace that's scheduled in that OpenShift cluster
  4. Create a deployment that resolves hostnames internal to the cluster

Expected Behaviour

The network policies should be compatible with OpenShift internal networking.

Additional Context

Deleting the network policies fixes the issue.

mjudeikis commented 11 months ago

/transfer-issue contrib-tmc

mjudeikis commented 10 months ago

/transfer-issue contrib-tmc