StarlingX

External application resources not accessible due to firewall changes

Bug #2029376 reported by Andre Kantek
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Medium
Andre Kantek

Bug Description

Brief Description

It was detected that stx applications are not been able to access the k8s services L4 ports. They are been blocked by the firewall.

The latest change in the firewall set applyOnForward to true and it should have been false

Severity

Major

Steps to Reproduce

L4 access requests to a pod that is mapped to a k8s service should be accessible

Actual Behavior

requests fail

Reproducibility

Reproducible

System Configuration

AIO-SX, IPV4

Load info (eg: 2022-03-10_20-00-07)

Build ID: 2023-07-15_18-00-09

Last Pass

2023-07-13_18-00-09

Workaround

kubectl patch globalnetworkpolicy controller-oam-if-gnp --type=json -p='[{"op": "replace", "path": "/spec/applyOnForward", "value": false }]'

Andre Kantek (akantek)
Changed in starlingx:
assignee: nobody → Andre Kantek (akantek)
Revision history for this message
Ghada Khalil (gkhalil) wrote :

Issue related to: https://storyboard.openstack.org/#!/story/2010591

Changed in starlingx:
importance: Undecided → Medium
tags: added: stx.9.0 stx.networking
Changed in starlingx:
status: New → In Progress
Revision history for this message
Ghada Khalil (gkhalil) wrote :

Fixed by: https://review.opendev.org/c/starlingx/config/+/890203
Merged on Aug 2

Changed in starlingx:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.