Set cri-dockerd `streaming-bind-addr` to fixed address #9965

brandond · 2024-04-17T19:11:40Z

Created from discussion at #9724 (reply in thread)

We should set this to a fixed port, rather than letting the cri-dockerd listener pick a random port at startup. We should also consider passing through the IP from the k3s bind-address option, if set.

The text was updated successfully, but these errors were encountered:

mdrahman-suse · 2024-06-20T18:45:22Z

Validated on RC v1.30.2-rc3+k3s1

Environment and config

Ubuntu 22.04, Single server

# config.yaml
write-kubeconfig-mode: 644
cluster-init: true
token: <token>
node-name: server1
docker: true

Testing

Install k3s
Ensure cluster is up and running
Validate fixed stream server bind address 127.0.0.1:10010 is used for cri-dockerd

Replication

$ k3s -v
k3s version v1.30.1+k3s1 (80978b5b)
go version go1.22.2

Observed random port 33429

$ sudo netstat -nlp | grep k3s
tcp        0      0 127.0.0.1:2380          0.0.0.0:*               LISTEN      18032/k3s server
tcp        0      0 127.0.0.1:2381          0.0.0.0:*               LISTEN      18032/k3s server
tcp        0      0 127.0.0.1:2382          0.0.0.0:*               LISTEN      18032/k3s server
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      18032/k3s server
tcp        0      0 127.0.0.1:6444          0.0.0.0:*               LISTEN      18032/k3s server
tcp        0      0 xxx.xx.37.191:2379      0.0.0.0:*               LISTEN      18032/k3s server
tcp        0      0 xxx.xx.37.191:2380      0.0.0.0:*               LISTEN      18032/k3s server
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      18032/k3s server
tcp        0      0 127.0.0.1:10249         0.0.0.0:*               LISTEN      18032/k3s server
tcp        0      0 127.0.0.1:10256         0.0.0.0:*               LISTEN      18032/k3s server
tcp        0      0 127.0.0.1:10257         0.0.0.0:*               LISTEN      18032/k3s server
tcp        0      0 127.0.0.1:10258         0.0.0.0:*               LISTEN      18032/k3s server
tcp        0      0 127.0.0.1:10259         0.0.0.0:*               LISTEN      18032/k3s server
tcp6       0      0 :::33429                :::*                    LISTEN      18032/k3s server
tcp6       0      0 :::10260                :::*                    LISTEN      18032/k3s server
tcp6       0      0 :::10250                :::*                    LISTEN      18032/k3s server
tcp6       0      0 :::6443                 :::*                    LISTEN      18032/k3s server
unix  2      [ ACC ]     STREAM     LISTENING     97927    18032/k3s server     /run/k3s/cri-dockerd/3083231680
unix  2      [ ACC ]     STREAM     LISTENING     98933    18032/k3s server     /var/lib/kubelet/pod-resources/3441029080
unix  2      [ ACC ]     STREAM     LISTENING     98232    18032/k3s server     /var/lib/kubelet/device-plugins/kubelet.sock

$ sudo ss -lntup | grep k3s
tcp   LISTEN 0      4096            127.0.0.1:10256      0.0.0.0:*    users:(("k3s-server",pid=18032,fd=199))
tcp   LISTEN 0      4096            127.0.0.1:10257      0.0.0.0:*    users:(("k3s-server",pid=18032,fd=195))
tcp   LISTEN 0      4096            127.0.0.1:10258      0.0.0.0:*    users:(("k3s-server",pid=18032,fd=213))
tcp   LISTEN 0      4096            127.0.0.1:10259      0.0.0.0:*    users:(("k3s-server",pid=18032,fd=219))
tcp   LISTEN 0      4096            127.0.0.1:10248      0.0.0.0:*    users:(("k3s-server",pid=18032,fd=182))
tcp   LISTEN 0      4096            127.0.0.1:10249      0.0.0.0:*    users:(("k3s-server",pid=18032,fd=204))
tcp   LISTEN 0      4096        xxx.xx.37.191:2379       0.0.0.0:*    users:(("k3s-server",pid=18032,fd=11))
tcp   LISTEN 0      4096            127.0.0.1:2379       0.0.0.0:*    users:(("k3s-server",pid=18032,fd=10))
tcp   LISTEN 0      4096            127.0.0.1:6444       0.0.0.0:*    users:(("k3s-server",pid=18032,fd=18))
tcp   LISTEN 0      4096        xxx.xx.37.191:2380       0.0.0.0:*    users:(("k3s-server",pid=18032,fd=9))
tcp   LISTEN 0      4096            127.0.0.1:2380       0.0.0.0:*    users:(("k3s-server",pid=18032,fd=8))
tcp   LISTEN 0      4096            127.0.0.1:2381       0.0.0.0:*    users:(("k3s-server",pid=18032,fd=17))
tcp   LISTEN 0      4096            127.0.0.1:2382       0.0.0.0:*    users:(("k3s-server",pid=18032,fd=12))
tcp   LISTEN 0      4096                    *:10260            *:*    users:(("k3s-server",pid=18032,fd=212))
tcp   LISTEN 0      4096                    *:33429            *:*    users:(("k3s-server",pid=18032,fd=29))
tcp   LISTEN 0      4096                    *:10250            *:*    users:(("k3s-server",pid=18032,fd=177))
tcp   LISTEN 0      4096                    *:6443             *:*    users:(("k3s-server",pid=18032,fd=7))

Validation

$ k3s -v
k3s version v1.30.2-rc3+k3s1 (aa4794b3)
go version go1.22.4

No random port is observed

$ sudo netstat -nlp | grep k3s
tcp        0      0 127.0.0.1:10010         0.0.0.0:*               LISTEN      24102/k3s server
tcp        0      0 127.0.0.1:2380          0.0.0.0:*               LISTEN      24102/k3s server
tcp        0      0 127.0.0.1:2381          0.0.0.0:*               LISTEN      24102/k3s server
tcp        0      0 127.0.0.1:2382          0.0.0.0:*               LISTEN      24102/k3s server
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      24102/k3s server
tcp        0      0 127.0.0.1:6444          0.0.0.0:*               LISTEN      24102/k3s server
tcp        0      0 172.31.37.191:2379      0.0.0.0:*               LISTEN      24102/k3s server
tcp        0      0 172.31.37.191:2380      0.0.0.0:*               LISTEN      24102/k3s server
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      24102/k3s server
tcp        0      0 127.0.0.1:10249         0.0.0.0:*               LISTEN      24102/k3s server
tcp        0      0 127.0.0.1:10256         0.0.0.0:*               LISTEN      24102/k3s server
tcp        0      0 127.0.0.1:10257         0.0.0.0:*               LISTEN      24102/k3s server
tcp        0      0 127.0.0.1:10258         0.0.0.0:*               LISTEN      24102/k3s server
tcp        0      0 127.0.0.1:10259         0.0.0.0:*               LISTEN      24102/k3s server
tcp6       0      0 :::10260                :::*                    LISTEN      24102/k3s server
tcp6       0      0 :::10250                :::*                    LISTEN      24102/k3s server
tcp6       0      0 :::6443                 :::*                    LISTEN      24102/k3s server
unix  2      [ ACC ]     STREAM     LISTENING     126731   24102/k3s server     /var/lib/kubelet/pod-resources/235454636
unix  2      [ ACC ]     STREAM     LISTENING     128038   24102/k3s server     /var/lib/kubelet/device-plugins/kubelet.sock
unix  2      [ ACC ]     STREAM     LISTENING     125912   24102/k3s server     /run/k3s/cri-dockerd/3505646234

$ sudo ss -lntup | grep k3s
tcp   LISTEN 0      4096            127.0.0.1:10256      0.0.0.0:*    users:(("k3s-server",pid=24102,fd=160))
tcp   LISTEN 0      4096            127.0.0.1:10257      0.0.0.0:*    users:(("k3s-server",pid=24102,fd=175))
tcp   LISTEN 0      4096            127.0.0.1:10258      0.0.0.0:*    users:(("k3s-server",pid=24102,fd=187))
tcp   LISTEN 0      4096            127.0.0.1:10259      0.0.0.0:*    users:(("k3s-server",pid=24102,fd=157))
tcp   LISTEN 0      4096            127.0.0.1:10010      0.0.0.0:*    users:(("k3s-server",pid=24102,fd=191))
tcp   LISTEN 0      4096            127.0.0.1:10248      0.0.0.0:*    users:(("k3s-server",pid=24102,fd=193))
tcp   LISTEN 0      4096            127.0.0.1:10249      0.0.0.0:*    users:(("k3s-server",pid=24102,fd=217))
tcp   LISTEN 0      4096        xxx.xx.37.191:2379       0.0.0.0:*    users:(("k3s-server",pid=24102,fd=12))
tcp   LISTEN 0      4096            127.0.0.1:2379       0.0.0.0:*    users:(("k3s-server",pid=24102,fd=11))
tcp   LISTEN 0      4096            127.0.0.1:6444       0.0.0.0:*    users:(("k3s-server",pid=24102,fd=30))
tcp   LISTEN 0      4096        xxx.xx.37.191:2380       0.0.0.0:*    users:(("k3s-server",pid=24102,fd=9))
tcp   LISTEN 0      4096            127.0.0.1:2380       0.0.0.0:*    users:(("k3s-server",pid=24102,fd=8))
tcp   LISTEN 0      4096            127.0.0.1:2381       0.0.0.0:*    users:(("k3s-server",pid=24102,fd=16))
tcp   LISTEN 0      4096            127.0.0.1:2382       0.0.0.0:*    users:(("k3s-server",pid=24102,fd=10))
tcp   LISTEN 0      4096                    *:10260            *:*    users:(("k3s-server",pid=24102,fd=182))
tcp   LISTEN 0      4096                    *:10250            *:*    users:(("k3s-server",pid=24102,fd=188))
tcp   LISTEN 0      4096                    *:6443             *:*    users:(("k3s-server",pid=24102,fd=7))

brandond self-assigned this Apr 17, 2024

brandond added this to the v1.30.1+k3s1 milestone Apr 17, 2024

brandond mentioned this issue Apr 18, 2024

Use fixed stream server bind address for cri-dockerd #9975

Merged

caroline-suse-rancher modified the milestones: v1.30.1+k3s1, v1.30.2+k3s1 May 13, 2024

This was referenced May 23, 2024

[Release-1.29] - Set cri-dockerd streaming-bind-addr to fixed address #10151

Closed

[Release-1.28] - Set cri-dockerd streaming-bind-addr to fixed address #10152

Closed

[Release-1.27] - Set cri-dockerd streaming-bind-addr to fixed address #10153

Closed

ShylajaDevadiga assigned endawkins May 28, 2024

mdrahman-suse assigned mdrahman-suse and unassigned endawkins Jun 20, 2024

mdrahman-suse closed this as completed Jun 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Set cri-dockerd `streaming-bind-addr` to fixed address #9965

Set cri-dockerd `streaming-bind-addr` to fixed address #9965

brandond commented Apr 17, 2024

mdrahman-suse commented Jun 20, 2024

Set cri-dockerd streaming-bind-addr to fixed address #9965

Set cri-dockerd streaming-bind-addr to fixed address #9965

Comments

brandond commented Apr 17, 2024

mdrahman-suse commented Jun 20, 2024

Validated on RC v1.30.2-rc3+k3s1

Environment and config

Testing

Replication

Validation

Set cri-dockerd `streaming-bind-addr` to fixed address #9965

Set cri-dockerd `streaming-bind-addr` to fixed address #9965