Skip to content

Automated cherry pick of #3371: Fix inability to access NodePort in particular case#3397

Merged
tnqn merged 1 commit into
antrea-io:release-1.5from
hongliangl:automated-cherry-pick-of-#3371-upstream-release-1.5
Mar 7, 2022
Merged

Automated cherry pick of #3371: Fix inability to access NodePort in particular case#3397
tnqn merged 1 commit into
antrea-io:release-1.5from
hongliangl:automated-cherry-pick-of-#3371-upstream-release-1.5

Conversation

@hongliangl
Copy link
Copy Markdown
Contributor

@hongliangl hongliangl commented Mar 4, 2022

Cherry pick of #3371 on release-1.5.

#3371: Fix inability to access NodePort in particular case

For details on the cherry pick process, see the cherry pick requests page.

@hongliangl hongliangl added the kind/cherry-pick Categorizes issue or PR as related to the cherry-pick of a bug fix from the main branch to a release label Mar 4, 2022
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Mar 4, 2022
edited
Loading

Codecov Report

Merging #3397 (eb362e0) into release-1.5 (318ccde) will decrease coverage by 7.65%.
The diff coverage is 87.87%.

Impacted file tree graph

@@               Coverage Diff               @@
##           release-1.5    #3397      +/-   ##
===============================================
- Coverage        59.87%   52.21%   -7.66%     
===============================================
  Files              332      464     +132     
  Lines            28495    54702   +26207     
===============================================
+ Hits             17062    28565   +11503     
- Misses            9547    23676   +14129     
- Partials          1886     2461     +575
Flag Coverage Δ
e2e-tests 52.26% <87.87%> (?)
integration-tests 34.02% <ø> (?)
kind-e2e-tests 46.48% <70.83%> (-1.46%) ⬇️
unit-tests 41.43% <12.50%> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
pkg/ovs/openflow/ofctrl_nxfields.go 67.24% <76.92%> (+1.85%) ⬆️
pkg/agent/openflow/pipeline.go 69.46% <92.30%> (-4.41%) ⬇️
pkg/ovs/openflow/ofctrl_action.go 69.57% <100.00%> (-0.01%) ⬇️
pkg/ovs/openflow/ofctrl_builder.go 63.38% <100.00%> (+4.16%) ⬆️
pkg/agent/cniserver/pod_configuration_linux.go 26.31% <0.00%> (-40.36%) ⬇️
pkg/controller/ipam/antrea_ipam_controller.go 48.71% <0.00%> (-31.57%) ⬇️
pkg/controller/networkpolicy/endpoint_querier.go 61.46% <0.00%> (-29.97%) ⬇️
pkg/controller/egress/controller.go 62.19% <0.00%> (-26.26%) ⬇️
.../registry/networkpolicy/clustergroupmember/rest.go 64.28% <0.00%> (-23.95%) ⬇️
pkg/agent/cniserver/ipam/antrea_ipam.go 55.55% <0.00%> (-23.62%) ⬇️
... and 430 more

@hongliangl
Copy link
Copy Markdown
Contributor Author

hongliangl commented Mar 4, 2022

/test-all-features-conformance
/test-conformance
/test-e2e
/test-flexible-ipam-e2e
/test-ipv6-conformance
/test-ipv6-e2e
/test-ipv6-networkpolicy
/test-ipv6-only-conformance
/test-ipv6-only-e2e
/test-ipv6-only-networkpolicy
/test-multicluster-e2e
/test-networkpolicy
/test-windows-conformance
/test-windows-e2e
/test-windows-networkpolicy
/test-windows-proxyall-e2e
/test-integration

@hongliangl
Fix inability to access NodePort in particular case
eb362e0 
When a Service NodePort and an Egress CRD has the same backend Pod, accessing
to the NodePort Service may fail in particular cases. Assume that the backend
Pod is on Node A and the Egress's external IP is on Node B. If an external
client (not any K8s Node) accesses the NodePort through IP of Node A where
the backend Pod is running, the access will fail. The root cause is that the
reply packets of NodePort is incorrectly matched by the flow installed by Egress
which is used to match the packets sourced from local Pods and destined for
tunneling to Node B. This PR fixes the issue by loading NXM_NX_REG0[0..3]
(PktSourceField, field to mark packet source) to NXM_NX_CT_MARK[0..3] when Service
connection is committed, then the reply packets of Service connection sourced
from Antrea gateway can be matched by NXM_NX_CT_MARK[0..3] and forced back to
Antrea gateway.

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
@hongliangl hongliangl force-pushed the automated-cherry-pick-of-#3371-upstream-release-1.5 branch from 334dab3 to eb362e0 Compare March 4, 2022 13:25
@hongliangl
Copy link
Copy Markdown
Contributor Author

hongliangl commented Mar 6, 2022

/test-all-features-conformance
/test-conformance
/test-e2e
/test-flexible-ipam-e2e
/test-ipv6-conformance
/test-ipv6-e2e
/test-ipv6-networkpolicy
/test-ipv6-only-conformance
/test-ipv6-only-e2e
/test-ipv6-only-networkpolicy
/test-multicluster-e2e
/test-networkpolicy
/test-windows-conformance
/test-windows-e2e
/test-windows-networkpolicy
/test-windows-proxyall-e2e
/test-integration

@tnqn tnqn merged commit 8b2deb2 into antrea-io:release-1.5 Mar 7, 2022
@hongliangl hongliangl deleted the automated-cherry-pick-of-#3371-upstream-release-1.5 branch April 21, 2022 01:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tnqn tnqn tnqn approved these changes

Assignees

No one assigned

Labels

kind/cherry-pick Categorizes issue or PR as related to the cherry-pick of a bug fix from the main branch to a release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hongliangl @codecov-commenter @tnqn