2042999 – A pod cannot reach kubernetes.default.svc.cluster.local cluster IP

Bug 2042999 - A pod cannot reach kubernetes.default.svc.cluster.local cluster IP

Summary: A pod cannot reach kubernetes.default.svc.cluster.local cluster IP

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.11.0
Assignee:	ffernand
QA Contact:	Anurag saxena
Docs Contact:
URL:
Whiteboard:
Depends On:	2027874
Blocks:	2052017
TreeView+	depends on / blocked

Reported:	2022-01-20 13:04 UTC by Pablo Alonso Rodriguez
Modified:	2022-08-10 10:43 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Clones:	2047416 2052017 (view as bug list)
Environment:
Last Closed:	2022-08-10 10:43:03 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift ovn-kubernetes pull 1010	None	Merged	[DownstreamMerge] Bug 2026461: 4-4-22 merge	2022-04-07 17:21:32 UTC
Github	openshift ovn-kubernetes pull 940	None	Merged	[DownstreamMerge] Downstream merge 2-1-22	2022-02-08 14:12:44 UTC
Github	ovn-org ovn-kubernetes pull 2773	None	Merged	Make sync failures fatal after retries	2022-02-10 19:50:38 UTC
Red Hat Product Errata	RHSA-2022:5069	None	None	None	2022-08-10 10:43:25 UTC

Description Pablo Alonso Rodriguez 2022-01-20 13:04:31 UTC

Description of problem:

One concrete pod is completely unable to reach the cluster IP of kubernetes.default.svc.cluster.local. The error is like this:

2022-01-20T11:08:48.475043081Z F0120 11:08:48.474981       1 cmd.go:72] unable to load configmap based request-header-client-ca-file: Get "https://172.30.0.1:443/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication?timeout=10s": dial tcp 172.30.0.1:443: connect: no route to host

Analysis on the OVN data, comparing the wrong pod with a new one, didn't show anything obviously wrong.

Version-Release number of selected component (if applicable):

4.7.40

How reproducible:

Sometimes (not clear)

Steps to Reproduce:
(not clear)

Actual results:
One pod cannot reach kubernetes.default.svc.cluster.local

Expected results:
kubernetes.default.svc.cluster.local to be reachable

Additional info:

PLEASE BE CAREFUL WHILE CONSIDERING POTENTIAL DUPLICATES OF THIS BUG. We have already rolled out some known issues (like BZ#2019809) by installing the right backport. This is why it is crucial to not mark this as duplicate of any bug whose 4.7.z backport is already included in 4.7.40.

Detailed information will follow in attachments

Comment 11 ffernand 2022-01-25 20:30:59 UTC

Changes posted upstream:  https://github.com/ovn-org/ovn-kubernetes/pull/2773

Comment 20 ffernand 2022-02-08 14:12:45 UTC

Merged to 4.11 via PR https://github.com/openshift/ovn-kubernetes/pull/940

Comment 31 errata-xmlrpc 2022-08-10 10:43:03 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069

Note You need to log in before you can comment on or make changes to this bug.