New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inconsistent reset of changes to kubernetes endpoints #104252
Comments
/sig network you might get more responses on: |
/triage needs-information @RichardoC was this an endpoint created automatically (by endpoint controller in response to service's selector) or a manually created endpoint? |
I confirm I can repro this. From pkg/controlplane/reconcilers/instancecount.go:
That's not super helpful. It looks like that code INTENDS to fix ports, but it's not obvious at a glance why it doesn't. Oh. That's WAY up-stack in pkg/controlplane/controller.go:
I don't immediately see why that can't be /triage accepted |
This was created automatically for a service (kubernetes service in default namespace for this example) |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
@khenidak just wondering if this issue is still being worked on, I'd like to help |
/assign |
/cc |
Quoting from #107773 (comment)
|
Thanks for chiming in, I take your point about the API server port and that k8s doesn't usually stop you doing something bad but I do think this is a case where I would expect the API server to reconcile this back to the "correct" state. I'm sure there are alternative ways of fixing this that will enable heterogeneous endpoint ports? |
@RichardoC apparently apiserver multiports are going away , so may comment maybe outdated :) |
Thanks! Regardless of the port number conventions, k8s should be able to recover from this unfortunate scenario. I hope this request makes sense? |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
This issue has not been updated in over 1 year, and should be re-triaged. You can:
For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/ /remove-triage accepted |
/remove-lifecycle stale |
What happened:
If you change some attributes of the kubernetes endpoint in the default namespace, they are not reset
Attributes that are reset (correctly)
Attributes that are not reset (incorrect)
If you change those attibutes of the kubernetes endpoint in the default namespace it is not reset to the correct value. This differs from the IP address which is reset rapidly.
What you expected to happen:
All attributes to be reset to the correct values.
Example of what I expect to happen
Here's an example of the IP being reset to 192.168.65.4 rather than being left at the wrong values (1.1.1.1)
How to reproduce it (as minimally and precisely as possible):
Example to patch the port to some nonsense that won't work
To reset to default
Example to patch the port name
To reset to default
Example to patch the protocol
To reset to default
Anything else we need to know?:
The resetting behaviour of the IP address prevents #97076 being used to MITM traffic to the kubernetes API, so that's good.
Environment:
kubectl version
):Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:59:11Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:53:14Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}
Kubernetes enabled on docker desktop on macos
cat /etc/os-release
):uname -a
):N/A
The text was updated successfully, but these errors were encountered: