OCPBUGS-64697: [release-4.20] Referencing pod named ports within a service results in bad DNAT rules containing tcp/0 target port

[ricky-rav]

• upstream PR: OCPBUGS-59552: Referencing pod named ports within a service results in bad DNAT rules containing tcp/0 target port ovn-kubernetes/ovn-kubernetes#5583
• downstream PR (4.21): OCPBUGS-61865, OCPBUGS-62636, OCPBUGS-59552: DownStream Merge [10-19-2025] #2817

Two conflicts:

Conflict 1

In downstream ovn-k makeNodeSwitchTargetIPs takes service *corev1.Service as its first input argument. This is a downstream hack for openshift.

$ git cherry-pick -x 06515935075a54a58191d32f95cc8911d7ab86fb 282b01ec669fa0311e46acbb22a48bc687a99a1d 651759c59efbf391956779d5b080654782659f9a 2fff3669b65ed60dc13b28e655ac93561029303e cd70830024d82f03ae1e9c3c8b9b2560a0869fd5
Auto-merging go-controller/pkg/node/gateway_shared_intf.go
Auto-merging go-controller/pkg/ovn/controller/services/lb_config.go
CONFLICT (content): Merge conflict in go-controller/pkg/ovn/controller/services/lb_config.go
Auto-merging go-controller/pkg/ovn/controller/services/lb_config_test.go
error: could not apply 065159350... Fix named port handling in externalTrafficPolicy Local services
hint: After resolving the conflicts, mark them with
hint: "git add/rm <pathspec>", then run
hint: "git cherry-pick --continue".
hint: You can instead skip this commit with "git cherry-pick --skip".
hint: To abort and get back to the state before "git cherry-pick",
hint: run "git cherry-pick --abort".
hint: Disable this message with "git config set advice.mergeConflict false"


$ git diff
diff --cc go-controller/pkg/ovn/controller/services/lb_config.go
index b6bbd833b,c58b278e4..000000000
--- a/go-controller/pkg/ovn/controller/services/lb_config.go
+++ b/go-controller/pkg/ovn/controller/services/lb_config.go
@@@ -44,13 -43,7 +44,17 @@@ type lbConfig struct 
        hasNodePort bool
  }
  
++<<<<<<< HEAD
 +type lbEndpoints struct {
 +      Port  int32
 +      V4IPs []string
 +      V6IPs []string
 +}
 +
 +func makeNodeSwitchTargetIPs(service *corev1.Service, node string, c *lbConfig) (targetIPsV4, targetIPsV6 []string, v4Changed, v6Changed bool) {
++=======
+ func makeNodeSwitchTargetIPs(node string, c *lbConfig) (targetIPsV4, targetIPsV6 []string, v4Changed, v6Changed bool) {
++>>>>>>> 065159350 (Fix named port handling in externalTrafficPolicy Local services)
        targetIPsV4 = c.clusterEndpoints.V4IPs
        targetIPsV6 = c.clusterEndpoints.V6IPs

Conflict 2

Three functions in test/e2e/service.go needed to be added manually: WaitForServingAndReadyServiceEndpointsNum,
countServingAndReadyEndpointsSlicesNum, getServingAndReadyEndpointSliceAddresses.

$ git cherry-pick --continue
[OCPBUGS-64697test d6896892d] Fix named port handling in externalTrafficPolicy Local services
 Author: Andreas Karis <ak.karis@gmail.com>
 Date: Tue Sep 23 20:26:50 2025 +0200
 10 files changed, 742 insertions(+), 398 deletions(-)
Auto-merging go-controller/pkg/ovn/controller/services/lb_config_test.go
[OCPBUGS-64697test 8ed6bdd79] Extends unit test coverage for named port handling in ETP local
 Author: Andreas Karis <ak.karis@gmail.com>
 Date: Tue Sep 23 20:27:27 2025 +0200
 3 files changed, 438 insertions(+), 3 deletions(-)
Auto-merging test/e2e/service.go
Auto-merging test/e2e/util.go
[OCPBUGS-64697test df516cdd8] E2E service: Move checkNumberOf.. to util.go
 Author: Andreas Karis <ak.karis@gmail.com>
 Date: Fri Sep 26 17:51:49 2025 +0200
 2 files changed, 33 insertions(+), 24 deletions(-)
Auto-merging test/e2e/service.go
[OCPBUGS-64697test 64e1ed922] E2E service: Fix potential flake in conn to an ext IP using src port
 Author: Andreas Karis <ak.karis@gmail.com>
 Date: Fri Sep 26 11:27:32 2025 +0200
 1 file changed, 17 insertions(+), 6 deletions(-)
Auto-merging test/e2e/service.go
CONFLICT (content): Merge conflict in test/e2e/service.go
Auto-merging test/e2e/util.go
error: could not apply cd7083002... E2E service: Add test for named port handling with ETP=Local services

$ git diff
diff --cc test/e2e/service.go
index 0d734d05d,069dd6794..000000000
--- a/test/e2e/service.go
+++ b/test/e2e/service.go
[...]
++<<<<<<< HEAD
++=======
+ 
+ // WaitForServingAndReadyServiceEndpointsNum waits until there are EndpointSlices for serviceName
+ // containing a total of expectNum endpoints which are in both serving and ready state.
+ // (If the service is dual-stack, expectNum must count the endpoints of both IP families.)
+ func WaitForServingAndReadyServiceEndpointsNum(ctx context.Context, c clientset.Interface, namespace, serviceName string, expectNum int, interval, timeout time.Duration) error {
+       return wait.PollUntilContextTimeout(ctx, interval, timeout, false, func(ctx context.Context) (bool, error) {
+               framework.Logf("Waiting for amount of service:%s endpoints to be %d", serviceName, expectNum)
+               esList, err := c.DiscoveryV1().EndpointSlices(namespace).List(ctx, metav1.ListOptions{LabelSelector: fmt.Sprintf("%s=%s", discoveryv1.LabelServiceName, serviceName)})
+               if err != nil {
+                       framework.Logf("Unexpected error trying to get EndpointSlices for %s : %v", serviceName, err)
+                       return false, nil
+               }
+ 
+               if len(esList.Items) == 0 {
+                       if expectNum == 0 {
+                               return true, nil
+                       }
+                       framework.Logf("Waiting for at least 1 EndpointSlice to exist")
+                       return false, nil
+               }
+ 
+               ready := countServingAndReadyEndpointsSlicesNum(esList)
+               if ready != expectNum {
+                       framework.Logf("Unexpected number of Serving And Ready Endpoints on Slices, got %d, expected %d", ready, expectNum)
+                       return false, nil
+               }
+               return true, nil
+       })
+ }
+ 
+ func countServingAndReadyEndpointsSlicesNum(epList *discoveryv1.EndpointSliceList) int {
+       // Only count unique addresses that are Ready and not Terminating
+       addresses := sets.New[string]()
+       for _, epSlice := range epList.Items {
+               addresses = addresses.Union(getServingAndReadyEndpointSliceAddresses(epSlice))
+       }
+       return addresses.Len()
+ }
+ 
+ func getServingAndReadyEndpointSliceAddresses(epSlice discoveryv1.EndpointSlice) sets.Set[string] {
+       addresses := sets.New[string]()
+       for _, ep := range epSlice.Endpoints {
+               cond := ep.Conditions
+               ready := cond.Ready == nil || *cond.Ready
+               serving := cond.Serving == nil || *cond.Serving
+               terminating := cond.Terminating != nil && *cond.Terminating
+               if !ready || !serving || terminating {
+                       continue
+               }
+               if len(ep.Addresses) == 0 || ep.Addresses[0] == "" {
+                       continue
+               }
+               addresses.Insert(ep.Addresses[0])
+       }
+       return addresses
+ }
++>>>>>>> cd7083002 (E2E service: Add test for named port handling with ETP=Local services)

[openshift-ci-robot]

@ricky-rav: This pull request references Jira Issue OCPBUGS-64697, which is invalid:

• release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
• expected dependent Jira Issue OCPBUGS-59552 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is ON_QA instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

• upstream PR: OCPBUGS-59552: Referencing pod named ports within a service results in bad DNAT rules containing tcp/0 target port ovn-kubernetes/ovn-kubernetes#5583
• downstream PR (4.21): OCPBUGS-61865, OCPBUGS-62636, OCPBUGS-59552: DownStream Merge [10-19-2025] #2817

Two conflicts:

Conflict 1

In downstream ovn-k makeNodeSwitchTargetIPs takes service *corev1.Service as its first input argument. This is a downstream hack for openshift.

$ git cherry-pick -x 06515935075a54a58191d32f95cc8911d7ab86fb 282b01ec669fa0311e46acbb22a48bc687a99a1d 651759c59efbf391956779d5b080654782659f9a 2fff3669b65ed60dc13b28e655ac93561029303e cd70830024d82f03ae1e9c3c8b9b2560a0869fd5
Auto-merging go-controller/pkg/node/gateway_shared_intf.go
Auto-merging go-controller/pkg/ovn/controller/services/lb_config.go
CONFLICT (content): Merge conflict in go-controller/pkg/ovn/controller/services/lb_config.go
Auto-merging go-controller/pkg/ovn/controller/services/lb_config_test.go
error: could not apply 065159350... Fix named port handling in externalTrafficPolicy Local services
hint: After resolving the conflicts, mark them with
hint: "git add/rm <pathspec>", then run
hint: "git cherry-pick --continue".
hint: You can instead skip this commit with "git cherry-pick --skip".
hint: To abort and get back to the state before "git cherry-pick",
hint: run "git cherry-pick --abort".
hint: Disable this message with "git config set advice.mergeConflict false"


$ git diff
diff --cc go-controller/pkg/ovn/controller/services/lb_config.go
index b6bbd833b,c58b278e4..000000000
--- a/go-controller/pkg/ovn/controller/services/lb_config.go
+++ b/go-controller/pkg/ovn/controller/services/lb_config.go
@@@ -44,13 -43,7 +44,17 @@@ type lbConfig struct 
       hasNodePort bool
 }
 
++<<<<<<< HEAD
+type lbEndpoints struct {
+      Port  int32
+      V4IPs []string
+      V6IPs []string
+}
+
+func makeNodeSwitchTargetIPs(service *corev1.Service, node string, c *lbConfig) (targetIPsV4, targetIPsV6 []string, v4Changed, v6Changed bool) {
++=======
+ func makeNodeSwitchTargetIPs(node string, c *lbConfig) (targetIPsV4, targetIPsV6 []string, v4Changed, v6Changed bool) {
++>>>>>>> 065159350 (Fix named port handling in externalTrafficPolicy Local services)
       targetIPsV4 = c.clusterEndpoints.V4IPs
       targetIPsV6 = c.clusterEndpoints.V6IPs

Conflict 2

Three functions in test/e2e/service.go needed to be added manually: WaitForServingAndReadyServiceEndpointsNum,
countServingAndReadyEndpointsSlicesNum, getServingAndReadyEndpointSliceAddresses.

$ git cherry-pick --continue
[OCPBUGS-64697test d6896892d] Fix named port handling in externalTrafficPolicy Local services
Author: Andreas Karis <ak.karis@gmail.com>
Date: Tue Sep 23 20:26:50 2025 +0200
10 files changed, 742 insertions(+), 398 deletions(-)
Auto-merging go-controller/pkg/ovn/controller/services/lb_config_test.go
[OCPBUGS-64697test 8ed6bdd79] Extends unit test coverage for named port handling in ETP local
Author: Andreas Karis <ak.karis@gmail.com>
Date: Tue Sep 23 20:27:27 2025 +0200
3 files changed, 438 insertions(+), 3 deletions(-)
Auto-merging test/e2e/service.go
Auto-merging test/e2e/util.go
[OCPBUGS-64697test df516cdd8] E2E service: Move checkNumberOf.. to util.go
Author: Andreas Karis <ak.karis@gmail.com>
Date: Fri Sep 26 17:51:49 2025 +0200
2 files changed, 33 insertions(+), 24 deletions(-)
Auto-merging test/e2e/service.go
[OCPBUGS-64697test 64e1ed922] E2E service: Fix potential flake in conn to an ext IP using src port
Author: Andreas Karis <ak.karis@gmail.com>
Date: Fri Sep 26 11:27:32 2025 +0200
1 file changed, 17 insertions(+), 6 deletions(-)
Auto-merging test/e2e/service.go
CONFLICT (content): Merge conflict in test/e2e/service.go
Auto-merging test/e2e/util.go
error: could not apply cd7083002... E2E service: Add test for named port handling with ETP=Local services

$ git diff
diff --cc test/e2e/service.go
index 0d734d05d,069dd6794..000000000
--- a/test/e2e/service.go
+++ b/test/e2e/service.go
[...]
++<<<<<<< HEAD
++=======
+ 
+ // WaitForServingAndReadyServiceEndpointsNum waits until there are EndpointSlices for serviceName
+ // containing a total of expectNum endpoints which are in both serving and ready state.
+ // (If the service is dual-stack, expectNum must count the endpoints of both IP families.)
+ func WaitForServingAndReadyServiceEndpointsNum(ctx context.Context, c clientset.Interface, namespace, serviceName string, expectNum int, interval, timeout time.Duration) error {
+       return wait.PollUntilContextTimeout(ctx, interval, timeout, false, func(ctx context.Context) (bool, error) {
+               framework.Logf("Waiting for amount of service:%s endpoints to be %d", serviceName, expectNum)
+               esList, err := c.DiscoveryV1().EndpointSlices(namespace).List(ctx, metav1.ListOptions{LabelSelector: fmt.Sprintf("%s=%s", discoveryv1.LabelServiceName, serviceName)})
+               if err != nil {
+                       framework.Logf("Unexpected error trying to get EndpointSlices for %s : %v", serviceName, err)
+                       return false, nil
+               }
+ 
+               if len(esList.Items) == 0 {
+                       if expectNum == 0 {
+                               return true, nil
+                       }
+                       framework.Logf("Waiting for at least 1 EndpointSlice to exist")
+                       return false, nil
+               }
+ 
+               ready := countServingAndReadyEndpointsSlicesNum(esList)
+               if ready != expectNum {
+                       framework.Logf("Unexpected number of Serving And Ready Endpoints on Slices, got %d, expected %d", ready, expectNum)
+                       return false, nil
+               }
+               return true, nil
+       })
+ }
+ 
+ func countServingAndReadyEndpointsSlicesNum(epList *discoveryv1.EndpointSliceList) int {
+       // Only count unique addresses that are Ready and not Terminating
+       addresses := sets.New[string]()
+       for _, epSlice := range epList.Items {
+               addresses = addresses.Union(getServingAndReadyEndpointSliceAddresses(epSlice))
+       }
+       return addresses.Len()
+ }
+ 
+ func getServingAndReadyEndpointSliceAddresses(epSlice discoveryv1.EndpointSlice) sets.Set[string] {
+       addresses := sets.New[string]()
+       for _, ep := range epSlice.Endpoints {
+               cond := ep.Conditions
+               ready := cond.Ready == nil || *cond.Ready
+               serving := cond.Serving == nil || *cond.Serving
+               terminating := cond.Terminating != nil && *cond.Terminating
+               if !ready || !serving || terminating {
+                       continue
+               }
+               if len(ep.Addresses) == 0 || ep.Addresses[0] == "" {
+                       continue
+               }
+               addresses.Insert(ep.Addresses[0])
+       }
+       return addresses
+ }
++>>>>>>> cd7083002 (E2E service: Add test for named port handling with ETP=Local services)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[ricky-rav]

/jira refresh

[openshift-ci-robot]

@ricky-rav: This pull request references Jira Issue OCPBUGS-64697, which is valid. The bug has been moved to the POST state.

7 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.20.z) matches configured target version for branch (4.20.z)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
• release note text is set and does not match the template
• dependent bug Jira Issue OCPBUGS-59552 is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-59552 targets the "4.21.0" version, which is one of the valid target versions: 4.21.0
• bug has dependents

Requesting review from QA contact:
/cc @Meina-rh

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[ricky-rav]

/retest-required

[ricky-rav]

/retest-required

[Meina-rh]

/retest-required

[Meina-rh]

/verified by @Meina-rh

[openshift-ci-robot]

@Meina-rh: This PR has been marked as verified by @Meina-rh.

Details

In response to this:

/verified by @Meina-rh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[ricky-rav]

/retest-required

[ricky-rav]

/retest-required

[ricky-rav]

/payload 4.20 ci blocking
/payload 4.20 nightly blocking

[openshift-ci]

@ricky-rav: trigger 5 job(s) of type blocking for the ci release of OCP 4.20

• periodic-ci-openshift-release-master-ci-4.20-upgrade-from-stable-4.19-e2e-aws-ovn-upgrade
• periodic-ci-openshift-release-master-ci-4.20-upgrade-from-stable-4.19-e2e-azure-ovn-upgrade
• periodic-ci-openshift-release-master-ci-4.20-e2e-gcp-ovn-upgrade
• periodic-ci-openshift-hypershift-release-4.20-periodics-e2e-aks
• periodic-ci-openshift-hypershift-release-4.20-periodics-e2e-aws-ovn

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/6bacbc60-bc30-11f0-9dfe-136ed4410777-0

trigger 13 job(s) of type blocking for the nightly release of OCP 4.20

• periodic-ci-openshift-release-master-nightly-4.20-e2e-aws-ovn-serial-1of2
• periodic-ci-openshift-release-master-nightly-4.20-e2e-aws-ovn-serial-2of2
• periodic-ci-openshift-release-master-ci-4.20-e2e-aws-upgrade-ovn-single-node
• periodic-ci-openshift-release-master-ci-4.20-e2e-aws-ovn-techpreview
• periodic-ci-openshift-release-master-ci-4.20-e2e-aws-ovn-techpreview-serial-1of3
• periodic-ci-openshift-release-master-ci-4.20-e2e-aws-ovn-techpreview-serial-2of3
• periodic-ci-openshift-release-master-ci-4.20-e2e-aws-ovn-techpreview-serial-3of3
• periodic-ci-openshift-release-master-nightly-4.20-e2e-aws-ovn-upgrade-fips
• periodic-ci-openshift-release-master-ci-4.20-e2e-azure-ovn-upgrade
• periodic-ci-openshift-release-master-ci-4.20-upgrade-from-stable-4.19-e2e-gcp-ovn-rt-upgrade
• periodic-ci-openshift-hypershift-release-4.20-periodics-e2e-aws-ovn-conformance
• periodic-ci-openshift-release-master-nightly-4.20-e2e-metal-ipi-ovn-bm
• periodic-ci-openshift-release-master-nightly-4.20-e2e-metal-ipi-ovn-ipv6

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/6bacbc60-bc30-11f0-9dfe-136ed4410777-1

[jluhrsen]

/payload-job periodic-ci-openshift-release-master-ci-4.20-e2e-azure-ovn-upgrade
/payload-job periodic-ci-openshift-hypershift-release-4.20-periodics-e2e-aws-ovn-conformance

[openshift-ci]

@jluhrsen: trigger 2 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

• periodic-ci-openshift-release-master-ci-4.20-e2e-azure-ovn-upgrade
• periodic-ci-openshift-hypershift-release-4.20-periodics-e2e-aws-ovn-conformance

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/ec37c500-be7e-11f0-9d6a-220802a21fa5-0

[ricky-rav]

/payload-job periodic-ci-openshift-release-master-ci-4.20-e2e-gcp-ovn-upgrade
/payload-job periodic-ci-openshift-hypershift-release-4.20-periodics-e2e-aks

[openshift-ci]

@ricky-rav: trigger 2 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

• periodic-ci-openshift-release-master-ci-4.20-e2e-gcp-ovn-upgrade
• periodic-ci-openshift-hypershift-release-4.20-periodics-e2e-aks

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/3d10dac0-bfa1-11f0-84b9-2440655d8703-0

[ricky-rav]

/assign @jcaamano

[jcaamano]

/lgtm
/approve
/label backport-risk-assessed
/override ci/prow/lint

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jcaamano, ricky-rav

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jcaamano]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@jcaamano: Overrode contexts on behalf of jcaamano: ci/prow/lint

Details

In response to this:

/lgtm
/approve
/label backport-risk-assessed
/override ci/prow/lint

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 27e34ff and 2 for PR HEAD a3a4827 in total

[ricky-rav]

/retest-required

[openshift-ci]

@ricky-rav: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/security	a3a4827	link	false	/test security

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[ricky-rav]

/retest-required

[openshift-ci-robot]

@ricky-rav: Jira Issue Verification Checks: Jira Issue OCPBUGS-64697
✔️ This pull request was pre-merge verified.
✔️ All associated pull requests have merged.
✔️ All associated, merged pull requests were pre-merge verified.

Jira Issue OCPBUGS-64697 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓

Details

In response to this:

• upstream PR: OCPBUGS-59552: Referencing pod named ports within a service results in bad DNAT rules containing tcp/0 target port ovn-kubernetes/ovn-kubernetes#5583
• downstream PR (4.21): OCPBUGS-61865, OCPBUGS-62636, OCPBUGS-59552: DownStream Merge [10-19-2025] #2817

Two conflicts:

Conflict 1

In downstream ovn-k makeNodeSwitchTargetIPs takes service *corev1.Service as its first input argument. This is a downstream hack for openshift.

$ git cherry-pick -x 06515935075a54a58191d32f95cc8911d7ab86fb 282b01ec669fa0311e46acbb22a48bc687a99a1d 651759c59efbf391956779d5b080654782659f9a 2fff3669b65ed60dc13b28e655ac93561029303e cd70830024d82f03ae1e9c3c8b9b2560a0869fd5
Auto-merging go-controller/pkg/node/gateway_shared_intf.go
Auto-merging go-controller/pkg/ovn/controller/services/lb_config.go
CONFLICT (content): Merge conflict in go-controller/pkg/ovn/controller/services/lb_config.go
Auto-merging go-controller/pkg/ovn/controller/services/lb_config_test.go
error: could not apply 065159350... Fix named port handling in externalTrafficPolicy Local services
hint: After resolving the conflicts, mark them with
hint: "git add/rm <pathspec>", then run
hint: "git cherry-pick --continue".
hint: You can instead skip this commit with "git cherry-pick --skip".
hint: To abort and get back to the state before "git cherry-pick",
hint: run "git cherry-pick --abort".
hint: Disable this message with "git config set advice.mergeConflict false"


$ git diff
diff --cc go-controller/pkg/ovn/controller/services/lb_config.go
index b6bbd833b,c58b278e4..000000000
--- a/go-controller/pkg/ovn/controller/services/lb_config.go
+++ b/go-controller/pkg/ovn/controller/services/lb_config.go
@@@ -44,13 -43,7 +44,17 @@@ type lbConfig struct 
       hasNodePort bool
 }
 
++<<<<<<< HEAD
+type lbEndpoints struct {
+      Port  int32
+      V4IPs []string
+      V6IPs []string
+}
+
+func makeNodeSwitchTargetIPs(service *corev1.Service, node string, c *lbConfig) (targetIPsV4, targetIPsV6 []string, v4Changed, v6Changed bool) {
++=======
+ func makeNodeSwitchTargetIPs(node string, c *lbConfig) (targetIPsV4, targetIPsV6 []string, v4Changed, v6Changed bool) {
++>>>>>>> 065159350 (Fix named port handling in externalTrafficPolicy Local services)
       targetIPsV4 = c.clusterEndpoints.V4IPs
       targetIPsV6 = c.clusterEndpoints.V6IPs

Conflict 2

Three functions in test/e2e/service.go needed to be added manually: WaitForServingAndReadyServiceEndpointsNum,
countServingAndReadyEndpointsSlicesNum, getServingAndReadyEndpointSliceAddresses.

$ git cherry-pick --continue
[OCPBUGS-64697test d6896892d] Fix named port handling in externalTrafficPolicy Local services
Author: Andreas Karis <ak.karis@gmail.com>
Date: Tue Sep 23 20:26:50 2025 +0200
10 files changed, 742 insertions(+), 398 deletions(-)
Auto-merging go-controller/pkg/ovn/controller/services/lb_config_test.go
[OCPBUGS-64697test 8ed6bdd79] Extends unit test coverage for named port handling in ETP local
Author: Andreas Karis <ak.karis@gmail.com>
Date: Tue Sep 23 20:27:27 2025 +0200
3 files changed, 438 insertions(+), 3 deletions(-)
Auto-merging test/e2e/service.go
Auto-merging test/e2e/util.go
[OCPBUGS-64697test df516cdd8] E2E service: Move checkNumberOf.. to util.go
Author: Andreas Karis <ak.karis@gmail.com>
Date: Fri Sep 26 17:51:49 2025 +0200
2 files changed, 33 insertions(+), 24 deletions(-)
Auto-merging test/e2e/service.go
[OCPBUGS-64697test 64e1ed922] E2E service: Fix potential flake in conn to an ext IP using src port
Author: Andreas Karis <ak.karis@gmail.com>
Date: Fri Sep 26 11:27:32 2025 +0200
1 file changed, 17 insertions(+), 6 deletions(-)
Auto-merging test/e2e/service.go
CONFLICT (content): Merge conflict in test/e2e/service.go
Auto-merging test/e2e/util.go
error: could not apply cd7083002... E2E service: Add test for named port handling with ETP=Local services

$ git diff
diff --cc test/e2e/service.go
index 0d734d05d,069dd6794..000000000
--- a/test/e2e/service.go
+++ b/test/e2e/service.go
[...]
++<<<<<<< HEAD
++=======
+ 
+ // WaitForServingAndReadyServiceEndpointsNum waits until there are EndpointSlices for serviceName
+ // containing a total of expectNum endpoints which are in both serving and ready state.
+ // (If the service is dual-stack, expectNum must count the endpoints of both IP families.)
+ func WaitForServingAndReadyServiceEndpointsNum(ctx context.Context, c clientset.Interface, namespace, serviceName string, expectNum int, interval, timeout time.Duration) error {
+       return wait.PollUntilContextTimeout(ctx, interval, timeout, false, func(ctx context.Context) (bool, error) {
+               framework.Logf("Waiting for amount of service:%s endpoints to be %d", serviceName, expectNum)
+               esList, err := c.DiscoveryV1().EndpointSlices(namespace).List(ctx, metav1.ListOptions{LabelSelector: fmt.Sprintf("%s=%s", discoveryv1.LabelServiceName, serviceName)})
+               if err != nil {
+                       framework.Logf("Unexpected error trying to get EndpointSlices for %s : %v", serviceName, err)
+                       return false, nil
+               }
+ 
+               if len(esList.Items) == 0 {
+                       if expectNum == 0 {
+                               return true, nil
+                       }
+                       framework.Logf("Waiting for at least 1 EndpointSlice to exist")
+                       return false, nil
+               }
+ 
+               ready := countServingAndReadyEndpointsSlicesNum(esList)
+               if ready != expectNum {
+                       framework.Logf("Unexpected number of Serving And Ready Endpoints on Slices, got %d, expected %d", ready, expectNum)
+                       return false, nil
+               }
+               return true, nil
+       })
+ }
+ 
+ func countServingAndReadyEndpointsSlicesNum(epList *discoveryv1.EndpointSliceList) int {
+       // Only count unique addresses that are Ready and not Terminating
+       addresses := sets.New[string]()
+       for _, epSlice := range epList.Items {
+               addresses = addresses.Union(getServingAndReadyEndpointSliceAddresses(epSlice))
+       }
+       return addresses.Len()
+ }
+ 
+ func getServingAndReadyEndpointSliceAddresses(epSlice discoveryv1.EndpointSlice) sets.Set[string] {
+       addresses := sets.New[string]()
+       for _, ep := range epSlice.Endpoints {
+               cond := ep.Conditions
+               ready := cond.Ready == nil || *cond.Ready
+               serving := cond.Serving == nil || *cond.Serving
+               terminating := cond.Terminating != nil && *cond.Terminating
+               if !ready || !serving || terminating {
+                       continue
+               }
+               if len(ep.Addresses) == 0 || ep.Addresses[0] == "" {
+                       continue
+               }
+               addresses.Insert(ep.Addresses[0])
+       }
+       return addresses
+ }
++>>>>>>> cd7083002 (E2E service: Add test for named port handling with ETP=Local services)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-merge-robot]

Fix included in accepted release 4.20.0-0.nightly-2025-11-15-175712