okd-project / okd

The self-managing, auto-upgrading, Kubernetes distribution for everyone
https://okd.io
Apache License 2.0

ExternalIp No route to host #453

Closed reavessm closed 3 years ago

reavessm commented 3 years ago

Describe the bug

Can't access service by externalIP, but I can access via route.

oc describe svc/stream:

Name:              stream
Namespace:         homelab-rtmp
Labels:            <none>
Annotations:       <none>
Selector:          app=stream
Type:              ClusterIP
IP:                172.30.165.195
External IPs:      192.168.0.24
Port:              auth  80/TCP
TargetPort:        80/TCP
Endpoints:         10.129.2.166:80
Port:              hls  8080/TCP
TargetPort:        8080/TCP
Endpoints:         10.129.2.166:8080
Port:              default  8081/TCP
TargetPort:        8081/TCP
Endpoints:         10.129.2.166:8081
Session Affinity:  None
Events:            <none>

oc describe route/test:

Name:           test
Namespace:      homelab-rtmp
Created:        2 hours ago
Labels:         <none>
Annotations:        <none>
Requested Host:     test-rtmp.domain.com
              exposed on router default (host apps.openshift.domain.com) 2 hours ago
Path:           <none>
TLS Termination:    <none>
Insecure Policy:    <none>
Endpoint Port:      default

Service:    stream
Weight:     100 (100%)
Endpoints:  10.129.2.166:8081, 10.129.2.166:8080, 10.129.2.166:80

NOTE: port default == 8081

$ curl http://test-rtmp.domain.com
hello
$ curl http://192.168.0.24:8081
curl: (7) Failed to connect to 192.168.0.24 port 8081: No route to host

Cluster Settings > Global Configuration > Network > Yaml

apiVersion: config.openshift.io/v1
kind: Network
metadata:
  creationTimestamp: '2020-12-01T14:32:57Z'
  generation: 3
  managedFields:
    - apiVersion: config.openshift.io/v1
      fieldsType: FieldsV1
      fieldsV1:
        'f:spec':
          .: {}
          'f:clusterNetwork': {}
          'f:externalIP':
            .: {}
            'f:policy': {}
          'f:networkType': {}
          'f:serviceNetwork': {}
        'f:status': {}
      manager: cluster-bootstrap
      operation: Update
      time: '2020-12-01T14:32:57Z'
    - apiVersion: config.openshift.io/v1
      fieldsType: FieldsV1
      fieldsV1:
        'f:status':
          'f:clusterNetwork': {}
          'f:clusterNetworkMTU': {}
          'f:networkType': {}
          'f:serviceNetwork': {}
      manager: cluster-network-operator
      operation: Update
      time: '2020-12-01T14:56:25Z'
    - apiVersion: config.openshift.io/v1
      fieldsType: FieldsV1
      fieldsV1:
        'f:spec':
          'f:externalIP':
            'f:policy':
              'f:allowedCIDRs': {}
      manager: Mozilla
      operation: Update
      time: '2020-12-30T17:28:05Z'
  name: cluster
  resourceVersion: '12589051'
  selfLink: /apis/config.openshift.io/v1/networks/cluster
  uid: 9b1ca0e6-eb9d-463a-a7d1-4c6f735f2dc7
spec:
  clusterNetwork:
    - cidr: 10.128.0.0/14
      hostPrefix: 23
  externalIP:
    policy:
      allowedCIDRs:
        - 192.168.0.0/23
  networkType: OVNKubernetes
  serviceNetwork:
    - 172.30.0.0/16
status:
  clusterNetwork:
    - cidr: 10.128.0.0/14
      hostPrefix: 23
  clusterNetworkMTU: 1400
  networkType: OVNKubernetes
  serviceNetwork:
    - 172.30.0.0/16

Version

Client Version: 4.6.6
Server Version: 4.6.0-0.okd-2020-12-12-135354
Kubernetes Version: v1.19.2-1008+70708036fc2657-dirty

IPI on Ovirt

How reproducible

100%

Log bundle

devzeronull commented 3 years ago

Hi, could you solve this problem?

reavessm commented 3 years ago

I had to delete my cluster due to other reasons, but I should be able to retest this later today and report back if this issue is still needed.

devzeronull commented 3 years ago

Thanks for your response, so you never got ExternalIPs to work in 4.6? We are experiencing the same problem with a 4.6 cluster and assuming whether this was an already fixed bug or not...

vrutkovs commented 3 years ago

Is this an OKD-specific issue? If it's reproducible on OCP, please file a bugzilla so that we get more attention from ingress / networking developers.

reavessm commented 3 years ago

I never did get it working with 4.6, and my new cluster is now running 4.7, so when I get around to retesting it might not be super helpful.

devzeronull commented 3 years ago

Well, thank you for sharing, but did you get it working with 4.7 in the end? If yes, do you also use OVNKubernetes under 4.7?

reavessm commented 3 years ago

I did not get it working in 4.7. The network should still be the same as before, but this was the yaml I used to test with:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-test
  template:
    metadata:
      labels:
        app: nginx-test
    spec:
      containers:
        - name: test
          image: openshift/hello-openshift
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-test
spec:
  externalIPs:
    - 192.168.0.35
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
  selector:
    app: nginx-test

Then I tried pinging 192.168.0.35, but to no avail.

I will leave this running, as it's very possible I am doing something wrong.

mburke5678 commented 3 years ago

@vrutkovs @reavessm Did we determine if this problem is OKD only? Also, https://github.com/openshift/okd/issues/572
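
Added example (not part of the thread or of OKD's code): a Python sketch of the admission check implied by `spec.externalIP.policy`, run against the policy and Service values posted above. The rule order (an empty policy rejects every externalIP, `rejectedCIDRs` overrides `allowedCIDRs`) follows the documented OpenShift behaviour and is modelled here as an assumption; the function names are hypothetical.

```python
import ipaddress

# Values copied from the thread: the cluster Network policy and both Services.
POLICY = {"allowedCIDRs": ["192.168.0.0/23"]}
SERVICES = {
    "homelab-rtmp/stream": ["192.168.0.24"],
    "nginx-test": ["192.168.0.35"],
}


def _in_any(ip, cidrs):
    """True if ip falls inside at least one of the CIDR strings."""
    return any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)


def evaluate_ip(policy, ip_text):
    """Return (allowed, reason) for one Service externalIP (assumed rule order)."""
    policy = policy or {}
    allowed = policy.get("allowedCIDRs") or []
    rejected = policy.get("rejectedCIDRs") or []
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False, "not a valid IP address"
    if not allowed and not rejected:
        return False, "empty policy: externalIPs are not permitted"
    if _in_any(ip, rejected):
        return False, "matches rejectedCIDRs"
    if allowed and not _in_any(ip, allowed):
        return False, "outside allowedCIDRs"
    return True, "permitted by policy"


def audit(policy, services):
    """Map each Service name to a list of (ip, allowed, reason) tuples."""
    return {
        name: [(ip, *evaluate_ip(policy, ip)) for ip in ips]
        for name, ips in services.items()
    }


if __name__ == "__main__":
    for name, results in audit(POLICY, SERVICES).items():
        for ip, ok, reason in results:
            print(f"{name}: {ip} -> {'ALLOW' if ok else 'DENY'} ({reason})")
```

Both addresses from the thread fall inside 192.168.0.0/23, consistent with the Services having been accepted with those External IPs.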