[Feature] Expose VIP in the specified VLAN #1762
Comments
Related discussion #1239 (comment)
By version 1.0.0, the VIPs are only reachable directly in the LAN of the harvester hosts, not across VLAN, so you need to add the routes to prove the reachability between the VLAN network and the LAN of the harvester hosts.
@yaocw2020 We are not trying to reach VIP across VLAN. We just expect the VIP to be reachable from within the VLAN attached to the VMs/cluster. There is no other local network besides the harvester-mgmt network. We are following recommendation of using a trunk port on the switch. Could you please describe the Harvester configuration / network architecture required to announce the VIP on a given VLAN available on the switch?
The kube-vip sends the gratuitous arp without a VLAN tag from the VIP interface. The arp broadcasts in the LAN of the harvester hosts, not in any VLAN network because it has no VLAN tag, which means the VIPs are only reachable directly in the LAN of the harvester hosts. This seems to not be related to the network architecture.
@yaocw2020 I made a test configuring a VIP pool in the
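To check on a captured frame what the comment above describes, the following added example (not code from Harvester or kube-vip) parses a raw Ethernet frame and reports whether a gratuitous ARP carries an 802.1Q tag and for which VLAN. The MAC address and the VIP 10.65.0.10 are constructed sample values; VLAN 65 is the VLAN named in this issue.

```python
import socket
import struct

ETH_P_8021Q = 0x8100  # 802.1Q tag protocol identifier
ETH_P_ARP = 0x0806

def classify_arp_frame(frame: bytes):
    """Return vlan/sender_ip/gratuitous for an ARP frame, or None if not IPv4 ARP."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if ethertype == ETH_P_8021Q:            # tagged: TCI + inner EtherType follow
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18     # low 12 bits of the TCI are the VLAN ID
    if ethertype != ETH_P_ARP or len(frame) < offset + 28:
        return None
    arp = frame[offset:offset + 28]
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip, target_ip = arp[14:18], arp[24:28]
    return {
        "vlan": vlan,
        "sender_ip": socket.inet_ntoa(sender_ip),
        "gratuitous": sender_ip == target_ip,  # announces its own address
    }

def build_garp(mac: bytes, ip: str, vlan=None) -> bytes:
    """Construct a sample gratuitous ARP request, optionally 802.1Q-tagged."""
    addr = socket.inet_aton(ip)
    eth = b"\xff" * 6 + mac
    if vlan is not None:
        eth += struct.pack("!HH", ETH_P_8021Q, vlan & 0x0FFF)
    eth += struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + mac + addr + b"\x00" * 6 + addr
    return eth + arp

SAMPLE_MAC = bytes.fromhex("020000000001")  # constructed, locally administered
SAMPLE_VIP = "10.65.0.10"                   # constructed address in 10.65.0.0/24

if __name__ == "__main__":
    for vlan in (None, 65):
        print(classify_arp_frame(build_garp(SAMPLE_MAC, SAMPLE_VIP, vlan)))
```

On Linux the kernel often strips the VLAN tag from received frames before a packet socket sees them, so feed this frames from a capture that preserves the tag, such as a mirror port or a pcap written by tcpdump.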
Additional information: Loadbalancer VIP is not reachable from other hosts in the VLAN network:
@yaocw2020 it sounds like this request may add complexity to kube-vip and may? need a separate/kube-vip infrastructure to support this use case which is absolutely necessary.
How about adding the kube-vip into the rancher marketplace or embedding it into rke2? The kube-vip deployed in the guest cluster will allow users to expose the app via the LB on the VLAN without the route from harvester host to VLAN network.
Does this belong in https://github.com/harvester/load-balancer-harvester ?
Unfortunately, that approach moves us away from the "Cloud Provider" experience.
Because the address of the Harvester load balancer is exposed by the arp broadcasting in the LAN of harvester hosts, if we want to access it from the VLAN network, we should prove the network path
@janeczku @abonillabeeche I converted this issue to a feature instead of a bug.
Pre Ready-For-Testing Checklist
Automation e2e test issue: harvester/tests#852
validation issue And what would be the best test plan to follow for the validation?
Test Plan
After discussion, we came up with the following test plan
Test Path
Test environment
Test steps (External Rancher)
Test steps (Embedded Rancher)
Test Information
Suggest we can enhance the select display relationship filter and the bind mechanism.
We also need this functionality. This is our use-case:
The problem:
we’re getting this error in harvester pod: Failed to dial steve aggregation server: dial tcp 10.53.44.90:443: i/o timeout
Possible cause:
updating the default route to another interface breaks harvester networking
What I've tried:
Context
kubectl get node -o wide
NAME                 STATUS   ROLES                       AGE   VERSION           INTERNAL-IP   EXTERNAL-IP   OS-IMAGE           KERNEL-VERSION                 CONTAINER-RUNTIME
dedicated-server-1   Ready    control-plane,etcd,master   46h   v1.24.11+rke2r1   144.76.X.X    <none>        Harvester v1.1.2   5.14.21-150400.24.60-default   containerd://1.6.15-k3s1
Solution
We've managed to fix the issue by adding:
- "content": |
    node-ip: 10.1.1.10
    node-external-ip: 144.76.XX.XX
  "encoding": ""
  "group": 0
  "owner": 0
  "ownerstring": ""
  "path": "/etc/rancher/rke2/config.yaml.d/90-harvester-network.yaml"
  "permissions": 384
@iosifnicolae2 You are right. Modifying the default route will destroy the whole harvester network.
Verified fixed on Result
Test Information
Verify Steps
Steps to update cloud-provider version
Additional Context
Please ensure cloud provider version >= 0.2.0
Hi @yaocw2020 @n313893254 @TachunLin, just following up on any issue with a
If it does, may you please open a PR or share details on what needs to be created or updated?
Harvester 1.0.0
Rancher 2.6.3
Describe the bug
harvester-mgmt and harvester-vlan
harvester-vlan
cidr-default: 10.65.0.0/24
Expected Result:
Loadbalancer VIP is reachable from clients on the VLAN 65 network.
Actual Result:
Loadbalancer VIP is not reachable from the VLAN 65 network. The root cause appears that Kube-VIP is announcing the VIP on the wrong interface: