New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WSL2] Sync failed errors in kube-proxy for Service with SessionAffinity: ClientIP #1740
Comments
hmm, I think that is missing one kernel module, If I'm correct it should be |
kind is not going to mess with your kernel modules so bug => support If docker desktop is missing a module, that's probably hard to fix as an end user, but they might be willing to seeing as they also offer running the docker desktop VM as a single fixed-version kubernetes node instead of just dockerd. |
/kind external |
Yes, it looks like the current WSL2 Kernel is built without |
thanks @tallaxes ! |
If someone wants to compile the 5.10 LTS kernel for WSL2 with this option enabled, take a look here https://github.com/WSLUser/WSL2-Linux-Kernel/blob/linux-msft-wsl-5.10.y/Microsoft/config-wsl. Follow https://wsl.dev/wsl2-kernel-zfs/ for steps for compiling your own kernel. |
I am sorry but a newbie question. I have come across the same issue using docker-desktop. I have downloaded and installed the latest docker-desktop but to no avail. Is there a release where this will be embedded for end-users or do we have to compile on our own? Client: Server: WARNING: bridge-nf-call-iptables is disabled |
@hawk29 - that would be a question to WSL2 maintainers; as far as I can tell it is not included in any recent releases. (And I don't see any PR merging activity at microsoft/WSL2-Linux-Kernel - so maybe they just don't accept contributions ...) FWIW, in tallaxes/WSL2-Linux-Kernel fork I have configured GitHub Action to build it, so you should be able to get built Kernel image from there - without worrying about downloading/running "mystery meat" bits - since the build process is transparent. The Kernel image is captured as build artifact - click on build run, scroll to Artifacts, look for |
@fejta-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@tallaxes FYI your build artifact was removed due to age. |
@thavlik Rebuilt |
I don't recall if this existed then but https://kind.sigs.k8s.io/docs/user/using-wsl2/ is where we host what we know needs to be done for WSL2, since the maintainers don't use WSL2 we can really use any missing bits contributed there, https://kind.sigs.k8s.io/docs/contributing/development/#documentation thanks! OP: if your issue is not resolved, please file a new one, I've eliminated that bot from this repo, but I think maybe this issue is now stale anyhow 🤔 |
I haven't needed @thavlik Did you run into this issue recently? Is it still reproducible? If so it might be worth adding the information about cusom kernel to the wsl2 docs. |
Yes, on both WSL2 and Hyper-V backends I have an issue where a microservice that issues a token is a few seconds ahead of the test code, and the golang JWT library will error if you use a token before it's issued. I worked around it by catching the error in development environments only. |
I can confirm. The issue is still reproducible. The solution with custom kernel works. I compiled The soluton
|
this is at least documented now, thanks @anyname2. |
thanks @valeneiko |
What happened:
iptables fail to be updated on the nodes after a
Service
withsessionAffinity: ClientIP
is created.The issue manifests in requests beeing dropped to any Services that were created after the Service with session affinity.
kube-proxy pod is logging the following error:
What you expected to happen:
iptables to be updated correctly so that requests could be routed to any Service in the cluster.
How to reproduce it (as minimally and precisely as possible):
Create a
Service
withsessionAffinity: ClientIP
Anything else we need to know?:
Issue is reproducible with both
kubeProxyMode: iptables
(default) andkubeProxyMode: ipvs
Environment:
kind v0.8.1 go1.13.8 linux/amd64
kind v0.9.0-alpha+95753c11434213 go1.15beta1 linux/amd64
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.5", GitCommit:"e0fccafd69541e3750d460ba0f9743b90336f24f", GitTreeState:"clean", BuildDate:"2020-05-01T02:11:15Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
v1.18.2
(default withkind v0.8.1
) andv1.18.6
(default withkind v0.9.0-alpha
)(Build: 19041.388)
The text was updated successfully, but these errors were encountered: