Bug 2055386 - MetalLB changes the shared external IP of a service upon updating the externalTrafficPolicy definition
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.10
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: ---
Target Release: 4.11.0
Assignee: Mohamed Mahmoud
QA Contact: Arti Sood
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2022-02-16 19:44 UTC by Jose Castillo Lema
Modified: 2022-08-10 10:50 UTC

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-08-10 10:50:22 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | metallb metallb pull 1230 | 0 | None | open | When services share IP, modifying any service should fail instead of allocating new svc IP | 2022-02-17 22:28:25 UTC
Github | openshift metallb pull 40 | 0 | None | open | Bug 2055386: When services share IP, modifying any service should fail instead of allocating newIP | 2022-03-02 16:17:08 UTC
Red Hat Product Errata | RHSA-2022:5069 | 0 | None | None | None | 2022-08-10 10:50:35 UTC

Description Jose Castillo Lema 2022-02-16 19:44:00 UTC
Description of problem:
We have two services sharing the same external IP (10.10.10.10):
$ oc get svc
NAME                TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
uperf-service-tcp   LoadBalancer   172.30.5.230     10.10.10.10   30000:31205/TCP   4m41s
uperf-service-udp   LoadBalancer   172.30.175.221   10.10.10.10   30000:30090/UDP   4m41s

Upon editing the first of them to change the externalTrafficPolicy definition, its external IP changes (10.10.10.11):
$ oc get svc
NAME                TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
uperf-service-tcp   LoadBalancer   172.30.5.230     10.10.10.11   30000:31205/TCP   4m41s
uperf-service-udp   LoadBalancer   172.30.175.221   10.10.10.10   30000:30090/UDP   4m41s

Version-Release number of selected component (if applicable):
OCP version: 4.10.0-rc.1
MetalLB version: 4.10.0-202201310820

How reproducible:
100%

Steps to Reproduce:
1. Create two services sharing an external IP
2. Update the externalTrafficPolicy definition of one of them

Actual results:
The external IP of the service changes

Expected results:
In order of preference:
1. The service gets updated and the external IP of the service does not change
2. If (1) is not possible due to some implementation limitation, then the update of the service should fail, stating that it is not possible to update the ETP of a service that is sharing its external IP. IMHO it is better to reject the update than to allow it and change the external IP without warning.

Additional info:
It looks like the controller has properly identified the situation:
{"caller":"level.go:63","error":"can't change sharing key for \"default/uperf-service-tcp\", address also in use by default/uperf-service-udp","event":"clearAssignment","level":"info","msg":"current IP not allowed by config, clearing","service":"default/uperf-service-tcp","ts":"2022-02-16T19:11:06.262179646Z"}
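
A detection sketch for the condition described in this report, added here as an example and not taken from the report or from MetalLB itself: it scans controller log lines for the clearAssignment event carrying the sharing-key error quoted above, so an operator can alert on it rather than discover the changed external IP afterwards. The function name, the comma-splitting of multiple peer services, and every sample line except the first are assumptions.

```python
import json
import re

# Error text as it appears in the controller log line quoted in the report.
_CONFLICT = re.compile(
    r'''can't change sharing key for "(?P<svc>[^"]+)", '''
    r'''address also in use by (?P<peers>.+)'''
)


def find_cleared_shared_ips(lines):
    """Return one finding per clearAssignment event caused by a sharing-key conflict."""
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip anything that is not a JSON log record
        if not isinstance(rec, dict) or rec.get("event") != "clearAssignment":
            continue
        match = _CONFLICT.search(str(rec.get("error", "")))
        if match is None:
            continue  # assignment cleared for some other reason
        # Assumption: if several services share the address, they are comma-separated.
        peers = [p.strip() for p in match.group("peers").split(",") if p.strip()]
        findings.append({
            "service": rec.get("service", match.group("svc")),
            "shared_with": peers,
            "ts": rec.get("ts"),
        })
    return findings


# First entry is the log line from the report; the other entries are constructed.
SAMPLE_LOG = [
    r"""{"caller":"level.go:63","error":"can't change sharing key for \"default/uperf-service-tcp\", address also in use by default/uperf-service-udp","event":"clearAssignment","level":"info","msg":"current IP not allowed by config, clearing","service":"default/uperf-service-tcp","ts":"2022-02-16T19:11:06.262179646Z"}""",
    r"""{"caller":"level.go:63","event":"exampleOtherEvent","level":"info","msg":"constructed unrelated record","service":"default/uperf-service-udp","ts":"2022-02-16T19:11:07Z"}""",
    "constructed non-JSON line that the scanner must ignore",
]

if __name__ == "__main__":
    for finding in find_cleared_shared_ips(SAMPLE_LOG):
        print(f'{finding["ts"]} {finding["service"]} lost shared IP; '
              f'also used by {", ".join(finding["shared_with"])}')
```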

Comment 6 errata-xmlrpc 2022-08-10 10:50:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069

