Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LB not working with externalTrafficPolicy set to Local #763

Closed
JrCs opened this issue Sep 16, 2019 · 20 comments · Fixed by #1720
Closed

LB not working with externalTrafficPolicy set to Local #763

JrCs opened this issue Sep 16, 2019 · 20 comments · Fixed by #1720
Labels
kind/bug Categorizes issue or PR as related to a bug. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@JrCs
Copy link
Contributor

JrCs commented Sep 16, 2019
edited
Loading

/kind bug

What happened:
If we create a service of Type LoadBalancer and ### externalTrafficPolicy with value Local the LB that will be create will not work as expected.

What you expected to happen:
Only LB traffic to nodes that have the pod running.

How to reproduce it (as minimally and precisely as possible):
Create a service of type LoadBalancer with externalTrafficPolicy set to Local.

Anything else we need to know?:
When using externalTrafficPolicy with value Local, the LB that will be create must have only members (nodes) where the pod of the service we want to access is running.
In case of externalTrafficPolicy set to Cluster, the LB that will be create must have all the worker nodes as members.

Environment:

  • openstack-cloud-controller-manager version: v1.15.0
  • OS (e.g. from /etc/os-release): Container Linux by CoreOS 2191.4.1
  • Kernel (e.g. uname -a): 4.19.66-coreos
@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Sep 16, 2019
@lingxiankong
Copy link
Contributor

The current OCCM implementation(based on OpenStack) doesn't support this feature, as per https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support and https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip, seems this feature implementation is different from cloud to cloud.

If your purpose of using this param is to preserve the client source IP, you can use loadbalancer.openstack.org/x-forwarded-for: "true" in the annotation of LoadBalancer type Service.

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 15, 2019
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jan 14, 2020
@bgagnon
Copy link

bgagnon commented Jan 24, 2020

/remove-lifecycle rotten

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Jan 24, 2020
@bgagnon
Copy link

bgagnon commented Jan 24, 2020

The option serves two mostly unrelated concerns:

  • preserve the client ip
  • remove nodes that do not have an endpoint from the load balancer rotation

The second point, according to docs:

[...] if you’re running on Google Kubernetes Engine/GCE, setting the same service.spec.externalTrafficPolicy field to Local forces nodes without Service endpoints to remove themselves from the list of nodes eligible for loadbalanced traffic by deliberately failing health checks.

This feature is valuable in very large cluster running an ingress controller. In this scenario, every few nodes have the ingress proxy (nginx, envoy, etc.), so there's no gain in including them in the cloud load balancer.

If we take health check hint from GCE above, I believe this can be implemented similarly in Openstack.

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 23, 2020
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels May 23, 2020
@fejta-bot
Copy link

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Copy link
Contributor

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@bgagnon
Copy link

bgagnon commented Aug 21, 2020

/reopen
/remove-lifecycle rotten

@k8s-ci-robot
Copy link
Contributor

@bgagnon: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to this:

/reopen
/remove-lifecycle rotten

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Aug 21, 2020
@bgagnon
Copy link

bgagnon commented Aug 21, 2020

@lingxiankong can you please reopen? thanks!

@JrCs
Copy link
Contributor Author

JrCs commented Aug 21, 2020

/reopen
/remove-lifecycle rotten

@k8s-ci-robot k8s-ci-robot reopened this Aug 21, 2020
@k8s-ci-robot
Copy link
Contributor

@JrCs: Reopened this issue.

In response to this:

/reopen
/remove-lifecycle rotten

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 19, 2020
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Dec 19, 2020
@fejta-bot
Copy link

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Copy link
Contributor

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@databus23 databus23 mentioned this issue Dec 22, 2021
Merged
@jichenjc
Copy link
Contributor

/reopen

reopen for bug track

@k8s-ci-robot
Copy link
Contributor

@jichenjc: Reopened this issue.

In response to this:

/reopen

reopen for bug track

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot reopened this Jan 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[oocm] support for externalTrafficPolicy: Local sapcc/cloud-provider-openstack
6 participants
@bgagnon @JrCs @lingxiankong @jichenjc @k8s-ci-robot @fejta-bot