Closed kyrtapz closed 1 week ago
fix works:
2024-06-17T19:39:10.4656414Z Services of type NodePort should work on secondary node interfaces for ETP=local and ETP=cluster when backend pods are also served by EgressIP
2024-06-17T19:39:10.4658921Z /home/runner/work/ovn-kubernetes/ovn-kubernetes/test/e2e/service.go:894
2024-06-17T19:39:10.4660416Z STEP: Creating a kubernetes client @ 06/17/24 19:39:10.464
2024-06-17T19:39:10.4661521Z Jun 17 19:39:10.464: INFO: >>> kubeConfig: /home/runner/ovn.conf
2024-06-17T19:39:10.4663163Z STEP: Building a namespace api object, basename services @ 06/17/24 19:39:10.464
2024-06-17T19:39:10.4749290Z Jun 17 19:39:10.474: INFO: Skipping waiting for service account
2024-06-17T19:39:10.4845239Z STEP: Creating the endpoints pod, one for each worker @ 06/17/24 19:39:10.484
2024-06-17T19:39:10.4897719Z W0617 19:39:10.488954 63766 warnings.go:70] would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "ovn-control-plane-ep-container" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "ovn-control-plane-ep-container" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "ovn-control-plane-ep-container" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "ovn-control-plane-ep-container" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
2024-06-17T19:39:12.5038026Z W0617 19:39:12.502810 63766 warnings.go:70] would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "ovn-worker-ep-container" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "ovn-worker-ep-container" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "ovn-worker-ep-container" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "ovn-worker-ep-container" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
2024-06-17T19:39:14.5158482Z W0617 19:39:14.514874 63766 warnings.go:70] would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "ovn-worker2-ep-container" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "ovn-worker2-ep-container" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "ovn-worker2-ep-container" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "ovn-worker2-ep-container" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
2024-06-17T19:39:16.5243990Z STEP: Choosing egressIP pod @ 06/17/24 19:39:16.524
2024-06-17T19:39:16.5245342Z Jun 17 19:39:16.524: INFO: EgressIP pod is services-7471/ovn-control-plane-ep
2024-06-17T19:39:16.5246933Z STEP: Label egress node create external container to send egress traffic to via secondary MultiNIC EIP @ 06/17/24 19:39:16.524
2024-06-17T19:39:20.2004517Z STEP: Create an EgressIP object with one secondary multi NIC egress IP defined @ 06/17/24 19:39:20.199
2024-06-17T19:39:20.2006039Z Jun 17 19:39:20.200: INFO: Create the EgressIP configuration
2024-06-17T19:39:20.2008158Z Jun 17 19:39:20.200: INFO: Running '/usr/local/bin/kubectl --server=https://127.0.0.1:36237 --kubeconfig=/home/runner/ovn.conf --namespace=default create -f egressip.yaml'
2024-06-17T19:39:20.2712367Z Jun 17 19:39:20.265: INFO: stderr: ""
2024-06-17T19:39:20.2724030Z Jun 17 19:39:20.265: INFO: stdout: "egressip.k8s.ovn.org/egressip created\n"
2024-06-17T19:39:20.2726289Z STEP: Check that the status is of length one and that it is assigned to ovn-control-plane @ 06/17/24 19:39:20.265
2024-06-17T19:39:20.2730579Z Jun 17 19:39:20.265: INFO: Running '/usr/local/bin/kubectl --server=https://127.0.0.1:36237 --kubeconfig=/home/runner/ovn.conf --namespace=default get eip -o json'
2024-06-17T19:39:20.3338854Z Jun 17 19:39:20.333: INFO: stderr: ""
2024-06-17T19:39:20.3349405Z Jun 17 19:39:20.333: INFO: stdout: "{\n \"apiVersion\": \"v1\",\n \"items\": [\n {\n \"apiVersion\": \"k8s.ovn.org/v1\",\n \"kind\": \"EgressIP\",\n \"metadata\": {\n \"creationTimestamp\": \"2024-06-17T19:39:20Z\",\n \"generation\": 2,\n \"name\": \"egressip\",\n \"resourceVersion\": \"3805\",\n \"uid\": \"d0220b84-0760-4970-ac2c-64b4e5b826d1\"\n },\n \"spec\": {\n \"egressIPs\": [\n \"10.10.10.105\"\n ],\n \"namespaceSelector\": {\n \"matchLabels\": {\n \"kubernetes.io/metadata.name\": \"services-7471\"\n }\n }\n },\n \"status\": {\n \"items\": [\n {\n \"egressIP\": \"10.10.10.105\",\n \"node\": \"ovn-control-plane\"\n }\n ]\n }\n }\n ],\n \"kind\": \"List\",\n \"metadata\": {\n \"resourceVersion\": \"\"\n }\n}\n"
2024-06-17T19:39:20.3356383Z STEP: Creating an external container to send the ingress nodeport service traffic from @ 06/17/24 19:39:20.333
2024-06-17T19:39:20.7034146Z STEP: Selecting additional IP addresses for each node @ 06/17/24 19:39:20.703
2024-06-17T19:39:20.7035557Z STEP: Adding additional IP addresses to each node @ 06/17/24 19:39:20.703
2024-06-17T19:39:20.9107750Z STEP: Creating NodePort services @ 06/17/24 19:39:20.91
2024-06-17T19:39:21.0873564Z STEP: Waiting for the endpoints to pop up @ 06/17/24 19:39:21.087
2024-06-17T19:39:22.0875831Z Jun 17 19:39:22.087: INFO: Waiting for amount of service:etp-local-svc endpoints to be 3
2024-06-17T19:39:23.0917471Z Jun 17 19:39:23.091: INFO: Waiting for amount of service:etp-cluster-svc endpoints to be 3
2024-06-17T19:39:23.0956266Z STEP: Checking connectivity to the external container from egressIP pod ovn-control-plane-ep and verify that the source IP is the secondary NIC egress IP @ 06/17/24 19:39:23.095
2024-06-17T19:39:23.0957683Z Jun 17 19:39:23.095: INFO: Destination IPs for external container are ip=10.10.10.3
2024-06-17T19:39:23.0959558Z Jun 17 19:39:23.095: INFO: Running '/usr/local/bin/kubectl --server=https://127.0.0.1:36237 --kubeconfig=/home/runner/ovn.conf --namespace=services-7471 exec ovn-control-plane-ep -- curl --connect-timeout 2 10.10.10.3:80'
2024-06-17T19:39:23.2002218Z Jun 17 19:39:23.199: INFO: stderr: " % Total % Received % Xferd Average Speed Time Time Time Current\n Dload Upload Total Spent Left Speed\n\r 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0\r100 45 100 45 0 0 22500 0 --:--:-- --:--:-- --:--:-- 22500\n"
2024-06-17T19:39:23.2004641Z Jun 17 19:39:23.199: INFO: stdout: "<html><body><h1>It works!</h1></body></html>\n"
2024-06-17T19:39:23.2171745Z STEP: Hitting service etp-local-svc on 172.18.0.2 via http @ 06/17/24 19:39:23.216
2024-06-17T19:39:23.2920264Z STEP: Hitting service etp-local-svc on 172.18.0.3 via http @ 06/17/24 19:39:23.291
2024-06-17T19:39:23.3633013Z STEP: Hitting service etp-local-svc on 172.18.0.4 via http @ 06/17/24 19:39:23.362
2024-06-17T19:39:23.4303588Z STEP: Hitting service etp-local-svc on 172.18.1.1 via http @ 06/17/24 19:39:23.43
2024-06-17T19:39:23.5042660Z STEP: Hitting service etp-local-svc on 172.18.1.2 via http @ 06/17/24 19:39:23.503
2024-06-17T19:39:23.5658722Z STEP: Hitting service etp-local-svc on 172.18.1.3 via http @ 06/17/24 19:39:23.565
2024-06-17T19:39:23.6409246Z Jun 17 19:39:23.640: INFO: NodeIP of node ovn-control-plane is 172.18.0.2
2024-06-17T19:39:23.6410913Z STEP: Hitting service nodeport etp-local-svc on 172.18.0.2 via http @ 06/17/24 19:39:23.64
2024-06-17T19:39:23.6412279Z Jun 17 19:39:23.640: INFO: map[172.18.0.6:{} fc00:f853:ccd:e793::6:{}]
2024-06-17T19:39:23.7136487Z Jun 17 19:39:23.713: INFO: Received srcIP: 172.18.0.6:44608
2024-06-17T19:39:23.7138889Z STEP: Hitting service etp-local-svc on 172.18.0.2 via udp @ 06/17/24 19:39:23.713
2024-06-17T19:39:23.7901438Z STEP: Hitting service etp-local-svc on 172.18.0.3 via udp @ 06/17/24 19:39:23.789
2024-06-17T19:39:23.8665737Z STEP: Hitting service etp-local-svc on 172.18.0.4 via udp @ 06/17/24 19:39:23.866
2024-06-17T19:39:23.9359647Z STEP: Hitting service etp-local-svc on 172.18.1.1 via udp @ 06/17/24 19:39:23.935
2024-06-17T19:39:24.0073690Z STEP: Hitting service etp-local-svc on 172.18.1.2 via udp @ 06/17/24 19:39:24.006
2024-06-17T19:39:24.0779921Z STEP: Hitting service etp-local-svc on 172.18.1.3 via udp @ 06/17/24 19:39:24.077
2024-06-17T19:39:24.1503667Z Jun 17 19:39:24.150: INFO: NodeIP of node ovn-control-plane is 172.18.0.2
2024-06-17T19:39:24.1504975Z STEP: Hitting service nodeport etp-local-svc on 172.18.0.2 via udp @ 06/17/24 19:39:24.15
2024-06-17T19:39:24.1506695Z Jun 17 19:39:24.150: INFO: map[172.18.0.6:{} fc00:f853:ccd:e793::6:{}]
2024-06-17T19:39:24.2160127Z Jun 17 19:39:24.215: INFO: Received srcIP: 172.18.0.6:38090
2024-06-17T19:39:24.2161824Z STEP: Hitting service etp-cluster-svc on 172.18.0.2 via http @ 06/17/24 19:39:24.215
2024-06-17T19:39:24.2865348Z STEP: Hitting service etp-cluster-svc on 172.18.0.3 via http @ 06/17/24 19:39:24.286
2024-06-17T19:39:24.3681904Z STEP: Hitting service etp-cluster-svc on 172.18.0.4 via http @ 06/17/24 19:39:24.367
2024-06-17T19:39:24.4392167Z STEP: Hitting service etp-cluster-svc on 172.18.1.1 via http @ 06/17/24 19:39:24.438
2024-06-17T19:39:24.5155319Z STEP: Hitting service etp-cluster-svc on 172.18.1.2 via http @ 06/17/24 19:39:24.515
2024-06-17T19:39:24.5867510Z STEP: Hitting service etp-cluster-svc on 172.18.1.3 via http @ 06/17/24 19:39:24.586
2024-06-17T19:39:24.6691850Z Jun 17 19:39:24.668: INFO: NodeIP of node ovn-control-plane is 172.18.0.2
2024-06-17T19:39:24.6693507Z STEP: Hitting service nodeport etp-cluster-svc on 172.18.0.2 via http @ 06/17/24 19:39:24.668
2024-06-17T19:39:24.6694779Z Jun 17 19:39:24.668: INFO: Mode is shared gateway OR service is ETP=cluster, so skipping srcIP verification
2024-06-17T19:39:24.6696634Z STEP: Hitting service etp-cluster-svc on 172.18.0.2 via udp @ 06/17/24 19:39:24.668
2024-06-17T19:39:24.7441210Z STEP: Hitting service etp-cluster-svc on 172.18.0.3 via udp @ 06/17/24 19:39:24.743
2024-06-17T19:39:24.8144401Z STEP: Hitting service etp-cluster-svc on 172.18.0.4 via udp @ 06/17/24 19:39:24.814
2024-06-17T19:39:24.8860388Z STEP: Hitting service etp-cluster-svc on 172.18.1.1 via udp @ 06/17/24 19:39:24.885
2024-06-17T19:39:24.9484854Z STEP: Hitting service etp-cluster-svc on 172.18.1.2 via udp @ 06/17/24 19:39:24.948
2024-06-17T19:39:25.0167336Z STEP: Hitting service etp-cluster-svc on 172.18.1.3 via udp @ 06/17/24 19:39:25.016
2024-06-17T19:39:25.0963214Z Jun 17 19:39:25.096: INFO: NodeIP of node ovn-control-plane is 172.18.0.2
2024-06-17T19:39:25.0964728Z STEP: Hitting service nodeport etp-cluster-svc on 172.18.0.2 via udp @ 06/17/24 19:39:25.096
2024-06-17T19:39:25.0966443Z Jun 17 19:39:25.096: INFO: Mode is shared gateway OR service is ETP=cluster, so skipping srcIP verification
2024-06-17T19:39:25.0968351Z STEP: Cleaning up external container @ 06/17/24 19:39:25.096
2024-06-17T19:39:25.5405653Z STEP: Deleting additional IP addresses from nodes @ 06/17/24 19:39:25.54
2024-06-17T19:39:25.7917281Z STEP: Deleting EgressIP Setup if any @ 06/17/24 19:39:25.791
2024-06-17T19:39:25.7923176Z Jun 17 19:39:25.791: INFO: Running '/usr/local/bin/kubectl --server=https://127.0.0.1:36237 --kubeconfig=/home/runner/ovn.conf --namespace=default delete eip egressip --ignore-not-found=true'
2024-06-17T19:39:25.8898276Z Jun 17 19:39:25.889: INFO: stderr: "Warning: deleting cluster-scoped resources, not scoped to the provided namespace\n"
2024-06-17T19:39:25.8900351Z Jun 17 19:39:25.889: INFO: stdout: "egressip.k8s.ovn.org \"egressip\" deleted\n"
2024-06-17T19:39:25.8903332Z Jun 17 19:39:25.889: INFO: Running '/usr/local/bin/kubectl --server=https://127.0.0.1:36237 --kubeconfig=/home/runner/ovn.conf --namespace=default label node ovn-control-plane k8s.ovn.org/egress-assignable-'
2024-06-17T19:39:25.9706402Z Jun 17 19:39:25.970: INFO: stderr: ""
2024-06-17T19:39:25.9707695Z Jun 17 19:39:25.970: INFO: stdout: "node/ovn-control-plane unlabeled\n"
2024-06-17T19:39:26.4012681Z Jun 17 19:39:26.400: INFO: Running '/usr/local/bin/kubectl --server=https://127.0.0.1:36237 --kubeconfig=/home/runner/ovn.conf --namespace=ovn-kubernetes exec ovnkube-node-kjq8q -- /bin/sh -x -c ip addr del 192.0.2.202/32 dev lo || true'
2024-06-17T19:39:26.5136508Z Jun 17 19:39:26.513: INFO: stderr: "Defaulted container \"nb-ovsdb\" out of: nb-ovsdb, sb-ovsdb, ovn-northd, ovnkube-controller, ovn-controller, ovs-metrics-exporter\n+ ip addr del 192.0.2.202/32 dev lo\nRTNETLINK answers: Cannot assign requested address\n+ true\n"
2024-06-17T19:39:26.5139131Z Jun 17 19:39:26.513: INFO: stdout: ""
2024-06-17T19:39:26.5140143Z STEP: Destroying namespace "services-7471" for this suite. @ 06/17/24 19:39:26.513
2024-06-17T19:39:26.5187769Z • [16.054 seconds]
2024-06-17T19:39:26.5188505Z ------------------------------
Verified, other two red lanes are not related to this PR. Merging this, thanks @kyrtapz
The previous mask was invalid and docker was failing with: invalid subnet 2001:db8:abcd:1234:c000::/64: it should be 2001:db8:abcd:1234::/64
/cc @tssurya