-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Flannel always overwrites public-ip node annotation in Kubernetes on startup #712
Comments
I'm working on a fix for this which will check to see if the |
My fix could potentially cause a problem if the internal IP of the VM changes on reboot. Perhaps a second annotation to indicate that the IP is overridden would be good. |
or perhaps a kube node label would be more appropriate for this sort of configuration data. |
@maxx what about having better support for selecting the public IP for flannel to use? e.g. selecting the interface or external IP by passing in a regex to flanneld (i.e. it could be put in the daemonset) |
@tomdee In my situation, the external IP is stored in openstack metadata. It's not something that could be expressed in a regex and it's not assigned to any interface within the node. Flannel has to read this data from somewhere on startup. A node annotation is a good place (it obviously stores it there already). We just need another annotation which is an override which flannel won't overwrite with any presumed IP. |
@maxx that sounds reasonable - would you be able to submit a PR for this feature? Or if you can't write code, write the documentation for it? |
Any luck with that problem? I like "public-ip-override" sollution, it usable not only with OpenStack - my hosting provides eth0 with local ip, and public ip can't be easy acquired on the machine |
If you are using --hostname-override on the kubelet, have you tried making sure that its value has an entry in the host machines /etc/hosts file or that its able to be resolved correctly by your primary resolver? When it isn't defined ive experienced the inconsistent behavior described, however once it is, ive not experienced any issues, even with the daemonset method. If you have your kubelet sandboxed using the kubelet-wrapper and you're still having issues, try making sure the rkt args include --hosts-entry=host to have it use the nodes hosts file to test it. Some providers use public to mean the world accessible IP rather than the private ip which is what flannel wants which seems to be where this comes about. |
This may be useful if a nodes public IP can not determined, e.G. because it is behind a nat. Fixes flannel-io#712
This may be useful if a nodes public IP can not determined, e.G. because it is behind a nat. Fixes flannel-io#712
This may be useful if a nodes public IP can not determined, e.G. because it is behind a nat. Fixes flannel-io#712
This may be useful if a nodes public IP can not determined, e.G. because it is behind a nat. Fixes flannel-io#712
Fix #712, allow overwriting the public IP of a Kubernetes node
Hi, Your fix works - it sets
Flannel still defaults to the standard interface and IP. Do I have to change any of the parameters in the daemonset or configmap? |
Uhm. I guess only the logging is wrong there. Did you try if you can reach pods that are placed on the node you annotated? |
You're right - it's just the log. It didn't work right after that because I had to add some iptables rules to the host system. Thank you! |
Reopening until we have a separate issue to track the logging bug |
This is still causing me problems in environments where the public IP is different the the private IP. Is there any way to prevent flannel from always overwriting the Really wishing there were a --use-ip=w.x.y.z flag.. |
I'm working on the same issue right now. It looks like there is an override flag you can set as an annotation on the node: https://coreos.com/flannel/docs/latest/kubernetes.html The flag is this Update: I bet this is because I am using Flannel v0.9.1 which is in the kubeadm docs but the latest is v0.10.0 which seems to add the flag. I will check on this and then follow up. |
Fantastic information, thank you @wakawaka54! |
Looks like we are seeing the same behaviour in v0.10.0. Set the IP with:
and it is reset to the default on reboot. |
Yes. I am also seeing this issue.
Now I see that packet is supposed using the right interface eth1.31, but, the source IP address that is used in outer IP header is not right. It should have been 10.200.1.6
Before makikng annotation changes, VxLAN packets used leave from eth0 whose IP address used to be 172.17.4.197. And I see that the flannel that is being used is: |
@vasu-dasari I meet the same problem. Trying to change the annotation but it come back quickly. |
Hello, anyone has any solution to this? |
This still happens in 2020....... |
yeah im using Calico instead |
faced with similar issue using wireguard
|
This is an issue when running flannel inside kubernetes as a daemonset on VM's with differing internal and external IP addresses (openstack). There is no way to use the --public-ip argument to different hosts within a daemonset. The only other way to vary public-ip on a node is to use the node annotation (flannel.alpha.coreos.com/public-ip).
The problem is flannel overwrites this annotation every time it starts up with the internal IP of the host. This, with the inability to use --public-ip variations in daemonsets, means there is no way to set a different public-ip to be used with flannel in kubernetes.
I have a fix in mind (see below).
Expected Behavior
flannel.alpha.coreos.com/public-ip can be set manually and is not overwritten.
Current Behavior
flannel.alpha.coreos.com/public-ip is overwritten every time flannel starts regardless of it's previous state.
Possible Solution
Simply commenting this line fixes the problem on a node where flannel has been run before.
https://github.com/coreos/flannel/blob/master/subnet/kube/kube.go#L218
This allows us to set a custom public-ip and flannel will read it on startup.
Public-ip still needs to be set if it does not exist, so I propose we check for a public-ip-override and use the assumed IP only if it's not there.
Steps to Reproduce (for bugs)
kubectl annotate node <node name> flannel.alpha.coreos.com/public-ip=<some ip> --overwrite
Context
See above description.
Your Environment
The text was updated successfully, but these errors were encountered: