-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to create new kOps cluster in OpenStack #12980
Comments
Hi, I'm also hitting this issue and I'm currently also using the temporary solution that you mentioned. This will currently affect security group rule and load balancer listener creation. I'm currently not sure the direction on how to fix this yet |
I am thinking /cc @johngmyers |
is there mechanism in kOps config where we could check is ipv6 enabled or not? We could use that to detect do we need add ::0 or not |
I am thinking the cloud provider code should be handling this, omitting IPv6 addresses from cloud-specific firewall APIs that don't accept them. It is the place that has the most context about what clouds or parts of the cloud support IPv6. |
"is ipv6 enabled" is not a simple binary question. There is the |
When creating security group, the default EtherType is IPv4. Currently AdminAccess default includes IPv6 CIDR, in this case EtherType should be changed to IPv6. This commit fixed this issue by checking if the CIDR is IPv6 before creating the rule, if it is, EtherType will be changed to IPv6. Fixes: kubernetes#12980
When creating security group rule, the default EtherType is IPv4. Currently, AdminAccess default includes IPv6 CIDR, in this case EtherType should be changed to IPv6. This commit fixed this issue by checking if the CIDR is IPv6 before creating the rule, if it is, EtherType will be changed to IPv6. Fixes: kubernetes#12980
When creating security group rule, the default EtherType is IPv4. Currently, AdminAccess default includes IPv6 CIDR, in this case EtherType should be changed to IPv6. This commit fixed this issue by checking if the CIDR is IPv6 before creating the rule, if it is, EtherType will be changed to IPv6. Fixes: kubernetes#12980
/kind bug
1. What
kops
version are you running? The commandkops version
, will displaythis information.
master
2. What Kubernetes version are you running?
kubectl version
will print theversion if a cluster is running or provide the Kubernetes version specified as
a
kops
flag.1.22.3
3. What cloud provider are you using?
openstack
4. What commands did you run? What is the simplest way to reproduce this issue?
5. What happened after the commands executed?
I can see following in logs
the problem is that kOps nowadays adds
::0
underspec.kubernetesApiAccess
andspec.sshAccess
by default. However, it does not work if we do not have ipv6 enabled in the OpenStack network.The temporary solution to fix this is to write
kops edit cluster
and remove those::0
rules. After that kops update cluster works.The text was updated successfully, but these errors were encountered: