Headless should use ExternalIP when using --publish-host-ip #1263
Comments
|
Just encountered this as well - the documentation seems to imply that it's designed for routing to nodes from the internet ("when trying to access them from outside the cluster") — perhaps there's a bug? |
|
Got the behavior I wanted by using a service with |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
I'm confused by this as well. |
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
lifecycle/rotten
|
/remove-lifecycle rotten |
k8s-ci-robot
removed
the
lifecycle/rotten
|
#1391 should resolve this; it's working for my purposes. Both |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
/kind feature |
k8s-ci-robot
added
the
kind/feature
Were you still using a Headless service to do this, or not? |
|
@stefanlasiewski Here's the manifest: apiVersion: v1
kind: Service
metadata:
name: admin-marker
labels:
app: admin-marker
annotations:
livepeer.live/admin-external-dns: "true"
external-dns.alpha.kubernetes.io/hostname: "[redacted]"
external-dns.alpha.kubernetes.io/ttl: "120"
spec:
type: NodePort
externalTrafficPolicy: Local
selector:
app: admin-marker
ports:
- port: 443
targetPort: 443
protocol: TCP
name: https |
|
Thanks @iameli. Looks like your solution was to use the NodePort service type, instead of a Headless service (probably due to this bug). I have a similar NodePort service, and it's using the internal IP address of the node, not the external IP. I'm looking around for a solution. |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
/remove-lifecycle stale |
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
|
@k8s-triage-robot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
"complete" |
|
/remove-lifecycle rotten |
k8s-ci-robot
removed
the
lifecycle/rotten
|
/reopen |
|
@kevincox: Reopened this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Yes! Thanks for pointing that out. The final docs are here: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/hostport.md#user-content-using-node-external-ips-as-targets My config for the reference of others looks like this. Only the relevant parts kept. I didn't have to do anything special with the external-dns process itself. apiVersion: apps/v1
kind: DaemonSet
spec:
template:
spec:
name: nginx
ports:
- containerPort: 80
hostPort: 80
protocol: TCP
- containerPort: 443
hostPort: 443
protocol: TCPapiVersion: v1
kind: Service
metadata:
annotations:
external-dns.alpha.kubernetes.io/endpoints-type: NodeExternalIP
external-dns.alpha.kubernetes.io/hostname: example.com
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
- name: https
port: 443
protocol: TCP
targetPort: 443 |
Right now when publishing a headless service it uses the internal IP which means that it can't receive inbound connections.
I think this should be the default since the service code prefers external IP. However it might be best to avoid changing current behaviour.
The text was updated successfully, but these errors were encountered: