LoadBalancers crashing after updating from 1.27.3 to 1.29.3 #9949
Can you show the output of this? (k3s/pkg/cloudprovider/servicelb.go, lines 451 to 452 at commit 06b6444)
It looks like you've set the fields referenced at k3s/pkg/cloudprovider/servicelb.go, lines 565 to 572 (commit 06b6444), which I suspect might cause the klipper-lb script to try to send traffic to the node's IPv6 address, even if the service itself only supports IPv4. It shouldn't do that.
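To make the failure mode concrete, here is a simplified shell sketch of the kind of check involved (this is not the actual klipper-lb entry script; the function names are hypothetical): if any destination address looks like IPv6, the container requires `net.ipv6.conf.all.forwarding=1` and otherwise exits 1.

```shell
#!/bin/sh
# Simplified sketch of the failing check (not the actual klipper-lb entry
# script): if any destination address looks like IPv6, the container
# requires net.ipv6.conf.all.forwarding=1 and exits otherwise.

# Any address containing ':' is treated as IPv6.
has_ipv6_dest() {
  case "$1" in
    *:*) return 0 ;;
    *)   return 1 ;;
  esac
}

require_ipv6_forwarding() {
  if has_ipv6_dest "$1"; then
    if [ "$(cat /proc/sys/net/ipv6/conf/all/forwarding 2>/dev/null)" != "1" ]; then
      echo "ipv6 forwarding is disabled" >&2
      return 1
    fi
  fi
  return 0
}

# A mixed-family DEST_IPS, as reported in this issue, triggers the check:
require_ipv6_forwarding "192.168.1.10 2001:db8::1" || echo "would exit 1"
```

With a mixed-family destination list, the IPv6 branch is taken even when the service itself is IPv4-only, which matches the crash-loop behavior reported here.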
Here is the output for
The output for
OK, I can replicate this:
The pod and service are both IPv4-only, but the node has an IPv6 address, so it incorrectly tries to set up IPv6 forwarding.
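For illustration, here is a minimal shell sketch of the behavior one would expect instead (the function and variable names are hypothetical, not the real k3s code): build the destination list only from node addresses whose family matches the service's ipFamilies.

```shell
#!/bin/sh
# Hypothetical sketch of the expected behavior: keep only node addresses
# whose family matches the service's ipFamilies when building DEST_IPS.

filter_dest_ips() {
  families="$1"   # e.g. "IPv4" or "IPv4 IPv6"
  node_ips="$2"   # space-separated node addresses
  result=""
  for ip in $node_ips; do
    case "$ip" in
      *:*) family="IPv6" ;;
      *)   family="IPv4" ;;
    esac
    case " $families " in
      *" $family "*) result="$result $ip" ;;
    esac
  done
  echo "$result" | sed 's/^ //'
}

# IPv4-only service on a dual-stack node: the IPv6 address is dropped.
filter_dest_ips "IPv4" "192.168.1.10 2001:db8::1"
```

With this filtering, an IPv4-only service on a dual-stack node would never see an IPv6 destination, so the IPv6 forwarding sysctl would not be required.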
Validated on Version:
$ k3s version
v1.30.1+k3s-df5db28a (df5db28a)
Environment Details
Infrastructure
Node(s) CPU architecture, OS, and Version:
Cluster Configuration:
Steps to validate the fix
Reproduction Issue:
Validation Results:
Environmental Info:
K3s Version: k3s version v1.29.3+k3s1 (8aecc26)
go version go1.21.8
Node(s) CPU architecture, OS, and Version: Linux astra 6.1.0-20-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.85-1 (2024-04-11) x86_64 GNU/Linux
Cluster Configuration: Single node server
Describe the bug:
I recently upgraded my cluster from 1.27.3 to 1.29.3 and ran into a problem with klipper-lb that I managed to solve, but I'm not sure whether it's a misconfiguration on my side or a bug.
I use LoadBalancer services to expose services on my node's ports, and after the upgrade, three of the five klipper-lb DaemonSets were in a crash loop. The klipper pod crashed because the ipv6 forwarding sysctl was not enabled in the container while the DEST_IPS variable contained both the IPv4 and IPv6 addresses of the node (the DaemonSets that were still working had only the node's IPv4 address in this variable), leading to an exit 1 in the container's entry script. As a temporary fix, I manually edited the DaemonSet config to add the missing sysctl; after that, the DaemonSets worked again.
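As an illustrative sketch of that temporary workaround (the DaemonSet name `svclb-myservice` is hypothetical; the real svclb DaemonSet name depends on your service, and this assumes the pod securityContext already has a sysctls array), the missing sysctl could be appended with a JSON patch:

```shell
#!/bin/sh
# Hypothetical workaround sketch: append the missing sysctl to the svclb
# DaemonSet's pod securityContext. Find the real DaemonSet name with:
#   kubectl -n kube-system get daemonsets
PATCH='[{"op":"add","path":"/spec/template/spec/securityContext/sysctls/-","value":{"name":"net.ipv6.conf.all.forwarding","value":"1"}}]'

# Uncomment to apply against a real cluster:
# kubectl -n kube-system patch daemonset svclb-myservice --type=json -p "$PATCH"
echo "$PATCH"
```

Note this only papers over the symptom; the underlying issue is that DEST_IPS should not have contained the node's IPv6 address for an IPv4-only service in the first place.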
Steps To Reproduce:
Expected behavior:
After the upgrade, the LoadBalancers should keep working as before
Actual behavior:
LoadBalancers are in a crash loop after the upgrade
Additional context / logs:
Service yaml file
Example of a fixed DaemonSet (added lines start with a star):
Example of an unaffected DaemonSet: