bug: network policies break internal cluster communication on OpenShift #26

Open
astefanutti opened this issue Apr 3, 2023 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@astefanutti
Member

astefanutti commented Apr 3, 2023

Describe the bug

The network policies that are created by the kcp-dns deployments for each workspace break intra-cluster communication on OpenShift, with the following errors in the kcp-dns-xxx deployments:

[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. A: read udp 10.131.1.59:50962->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. AAAA: read udp 10.131.1.59:50318->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. A: read udp 10.131.1.59:40727->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. AAAA: read udp 10.131.1.59:35334->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. A: read udp 10.131.1.59:57903->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. AAAA: read udp 10.131.1.59:37753->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. A: read udp 10.131.1.59:58677->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. AAAA: read udp 10.131.1.59:58091->172.30.0.10:53: i/o timeout

Steps To Reproduce

  1. Create a sync target that points to an OpenShift cluster
  2. Deploy the syncer components on that OpenShift cluster
  3. Create a namespace that's scheduled in that OpenShift cluster
  4. Create a deployment that resolves hostnames internal to the cluster

Expected Behaviour

The network policies should be compatible with OpenShift internal networking.

Additional Context

Deleting the network policies fixes the issue.

@astefanutti astefanutti added the kind/bug Categorizes issue or PR as related to a bug. label Apr 3, 2023
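
The CoreDNS error lines quoted in the issue can be triaged mechanically. The following is an added example, not part of the original issue or the kcp project: it groups `plugin/errors` lines by upstream resolver and reports upstreams where every logged failure is a read timeout, meaning the resolver never answered. The function names and the last sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: the first four lines use the format quoted in the issue;
# the last line is constructed to show a non-timeout failure for contrast.
SAMPLE = """\
[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. A: read udp 10.131.1.59:50962->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. AAAA: read udp 10.131.1.59:50318->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. A: read udp 10.131.1.59:57903->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. AAAA: read udp 10.131.1.59:37753->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 example.test. A: read udp 10.131.1.59:40000->192.0.2.53:53: read: connection refused
"""

# [ERROR] plugin/errors: <rcode> <qname> <qtype>: read <proto> <src>-><dst>: <error>
LINE = re.compile(
    r"^\[ERROR\] plugin/errors: (?P<rcode>\d+) (?P<qname>\S+) (?P<qtype>[A-Z0-9]+): "
    r"read (?P<proto>udp|tcp) (?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):(?P<dport>\d+): "
    r"(?P<err>.+)$"
)


def summarize(log_text):
    """Group forwarding errors by upstream (proto, ip, port)."""
    stats = defaultdict(
        lambda: {"count": 0, "timeouts": 0, "qnames": set(), "qtypes": set()}
    )
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m is None:
            continue  # not a forwarding read error; ignore
        entry = stats[(m["proto"], m["dst"], int(m["dport"]))]
        entry["count"] += 1
        entry["timeouts"] += m["err"] == "i/o timeout"
        entry["qnames"].add(m["qname"])
        entry["qtypes"].add(m["qtype"])
    return dict(stats)


def silent_upstreams(log_text, min_errors=4):
    """Upstreams with at least min_errors failures, all of them read timeouts."""
    return sorted(
        key for key, entry in summarize(log_text).items()
        if entry["count"] >= min_errors and entry["timeouts"] == entry["count"]
    )


if __name__ == "__main__":
    for proto, ip, port in silent_upstreams(SAMPLE):
        print(f"no replies from {ip}:{port}/{proto}; check egress policy for this pod")
```
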
@mjudeikis
Contributor

/transfer-issue contrib-tmc

@mjudeikis
Contributor

/transfer-issue contrib-tmc

@kcp-ci-bot kcp-ci-bot transferred this issue from kcp-dev/kcp Nov 23, 2023
Projects
Status: Backlog