New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[HA] etcd cannot listen behind NAT if there is only one master node existing #2345
Comments
here are the code in question A workaround would be to place 127.0.0.1 before the client URL? |
So here's what I think, we should allow the user to change the etcd listen addresses, or even listen on wildcard 0.0.0.0, the latter is of course a bad catch-all solution but who cares? |
Can you show the output of:
|
Oh I see, it won't even come up because it's trying to connect to itself at the public IP address. |
Validated using latest master commit:
|
Hello, Regards, |
I have a similar use case where I need etcd to advertise the external IP. Working on a POC w/ K3S running in WSL2. WSL2 gets a new IP each time so I had to create a static IP address and specify that as --node-ip to keep k3s working between restarts. Windows is the external IP and it portproxies to the embedded WSL's dynamic ip which K3S/etcd are running in. It runs as a single master just fine and can remotely access it with kubectl etc. The problem comes up when trying to join as a cluster. Another 'normal' K3S instance can't complete the cluster join because the etcd 'advertised IP' is the Windows/WSL/Static IP which of course is not routeable. If I can just add a flag to tell etcd to use the external address, instead of the internal private address, my use case will be fixed. I am able to get further by changing my static IP address to be the Windows public IP (I am sure I have other problems ahead) but at least the etcd advertised is now reporting a routeable IP. Still wondering if you can supply etcd w/ what it should advertise, similar to their docs: |
If you are using a home router, and that you want to use etcd, then you are out of luck now because the embedded etcd assumes its
advertise-address
to be the same as what k3s does too -- this means it will try and listen to the external IP and it will not listen to your actual internal IP (e.g. you got external IP 123.123.123.123, but your router gives you an internal IP 192.168.1.123 from 192.168.1.0/24, and etcd tried to listen to 123.123.123.123 which is invalid), causing a "deadlock" situation to prevent bootstrapping from finishing. I tried to modify the etcd config but it was overwritten everytime. I need to listen to 192.168.1.123 and not 123.123.123.123.If you tried to change advertise address to your internal IP, here the example would be 192.168.1.123, then although your etcd will resume working, but all of your other nodes won't be able to connect to you, well because you advertised your internal IP rather than the supposed external IP 123.123.123.123. In other words this is a dilemma.
This is only reproducible for one node master. If you have more than that your etcd client and other node clients will just connect to other reachable master nodes and it will just work over there and see you as a partition.
The text was updated successfully, but these errors were encountered: