Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Release-1.27] - coredns, metrics, nginx and snapshot validation services are always singleStack #4842

Closed
manuelbuil opened this issue Oct 5, 2023 · 1 comment
Closed

[Release-1.27] - coredns, metrics, nginx and snapshot validation services are always singleStack #4842

manuelbuil opened this issue Oct 5, 2023 · 1 comment
Assignees
@manuelbuil @ShylajaDevadiga
Milestone
v1.27.7+rke2r1

Comments

@manuelbuil
Copy link
Contributor

Backport fix for coredns, metrics, nginx and snapshot validation services are always singleStack
@manuelbuil manuelbuil self-assigned this Oct 5, 2023
@manuelbuil manuelbuil mentioned this issue Oct 5, 2023
Merged
@manuelbuil manuelbuil added this to the v1.27.7+rke2r1 milestone Oct 5, 2023
@ShylajaDevadiga
Copy link
Contributor

Validated using rke2 version v1.27.7-rc2+rke2r1

Environment Details

Infrastructure
Cloud EC2 instance

Node(s) CPU architecture, OS, and Version:
Ubuntu 22.04

Cluster Configuration:
3 server 1 agent

Config.yaml:

$ cat config.yaml 
node-ip: <IPv6>,<ipv4>
token: <TOKEN>
write-kubeconfig-mode: 644
cluster-cidr: 2001:cafe:42:0::/56,10.42.0.0/16
service-cidr: 2001:cafe:42:1::/112,10.43.0.0/16

Steps to reproduce the issue and validate the fix

  1. Copy config.yaml
  2. Install rke2

Validation results:
Services have ipv6 address, based on the order in node-ip flag in the config.yaml

$ kubectl get svc -A
NAMESPACE     NAME                                      TYPE        CLUSTER-IP             EXTERNAL-IP   PORT(S)         AGE
default       kubernetes                                ClusterIP   2001:cafe:42:1::1      <none>        443/TCP         24m
kube-system   rke2-coredns-rke2-coredns                 ClusterIP   2001:cafe:42:1::a      <none>        53/UDP,53/TCP   24m
kube-system   rke2-ingress-nginx-controller-admission   ClusterIP   2001:cafe:42:1::83ad   <none>        443/TCP         23m
kube-system   rke2-metrics-server                       ClusterIP   2001:cafe:42:1::6100   <none>        443/TCP         23m
kube-system   rke2-snapshot-validation-webhook          ClusterIP   2001:cafe:42:1::ff55   <none>        443/TCP         23m

Services have PreferDualStack in dualstack mode

$ kubectl describe svc -n kube-system    |grep  -i family -A4 -B2
Selector:          app.kubernetes.io/instance=rke2-coredns,app.kubernetes.io/name=rke2-coredns,k8s-app=kube-dns
Type:              ClusterIP
IP Family Policy:  PreferDualStack
IP Families:       IPv6,IPv4
IP:                2001:cafe:42:1::a
IPs:               2001:cafe:42:1::a,10.43.0.10
Port:              udp-53  53/UDP
--
Selector:          app.kubernetes.io/component=controller,app.kubernetes.io/instance=rke2-ingress-nginx,app.kubernetes.io/name=rke2-ingress-nginx
Type:              ClusterIP
IP Family Policy:  PreferDualStack
IP Families:       IPv6,IPv4
IP:                2001:cafe:42:1::83ad
IPs:               2001:cafe:42:1::83ad,10.43.117.25
Port:              https-webhook  443/TCP
--
Selector:          app=rke2-metrics-server,release=rke2-metrics-server
Type:              ClusterIP
IP Family Policy:  PreferDualStack
IP Families:       IPv6,IPv4
IP:                2001:cafe:42:1::6100
IPs:               2001:cafe:42:1::6100,10.43.152.54
Port:              <unset>  443/TCP
--
Selector:          app.kubernetes.io/instance=rke2-snapshot-validation-webhook,app.kubernetes.io/name=rke2-snapshot-validation-webhook
Type:              ClusterIP
IP Family Policy:  PreferDualStack
IP Families:       IPv6,IPv4
IP:                2001:cafe:42:1::ff55
IPs:               2001:cafe:42:1::ff55,10.43.187.33
Port:              https  443/TCP

Pods have ipv6 as well as ipv4 IP

$ kubectl describe pod -A |grep -i IPs -A3

...
IPs:
  IP:           <IPv6 REDACTED>
  IP:           192.168.21.37
Controlled By:  DaemonSet/rke2-canal
--
                      cni.projectcalico.org/podIPs: 10.42.0.5/32,2001:cafe:42::5/128
                      scheduler.alpha.kubernetes.io/tolerations: [{"key":"CriticalAddonsOnly", "operator":"Exists"}]
Status:               Running
IP:                   2001:cafe:42::5
IPs:
  IP:           2001:cafe:42::5
  IP:           10.42.0.5
Controlled By:  ReplicaSet/rke2-coredns-rke2-coredns-autoscaler-6f97df447
--
...

Validated pod to pod communication

$ kubectl exec -it multitool-deployment-755d68d775-2b9d7  bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
bash-5.1# ping 2001:cafe:42:3::3
PING 2001:cafe:42:3::3(2001:cafe:42:3::3) 56 data bytes
64 bytes from 2001:cafe:42:3::3: icmp_seq=1 ttl=62 time=0.502 ms
^C
--- 2001:cafe:42:3::3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.502/0.502/0.502/0.000 ms
bash-5.1# ping 2001:cafe:42:2::4
PING 2001:cafe:42:2::4(2001:cafe:42:2::4) 56 data bytes
64 bytes from 2001:cafe:42:2::4: icmp_seq=1 ttl=62 time=0.719 ms
^C
--- 2001:cafe:42:2::4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.719/0.719/0.719/0.000 ms
bash-5.1#

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@manuelbuil manuelbuil

@ShylajaDevadiga ShylajaDevadiga

Labels
None yet
Projects
None yet
Milestone
v1.27.7+rke2r1
Development

No branches or pull requests
2 participants
@manuelbuil @ShylajaDevadiga