New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kubelet tries to use system-wide http_proxy setting for communicating with local pods #48792
Comments
@Ace13 There are no sig labels on this issue. Please add a sig label by: |
/sig node |
@kubernetes/sig-network-misc |
For merely livenessProbe, I find the proxy is set here , it only reads NO_PROXY and excludes ip in NO_PROXY. So we can exclude all hosts who have the same cidr as k8s cluster. If you think this solution is feasible, I would like to submit such a patch. @xiangpengzhao @cmluciano |
If kubelet is able to append the cluster CIDR to its NO_PROXY variable itself then that would definitely solve the issue for me. Certainly more appropriate than my current workaround of running a tainted k8s node on the proxy server. |
It seems that we can not get CIDR through API in this issue #25533 . sad. |
FYI it is not possible to use a CIDR in NO_PROXY. https://unix.stackexchange.com/questions/23452/set-a-network-range-in-the-no-proxy-environment-variable |
Sorry, I am incorrect. It does work for kubelet, but not for curl. I figured my tests with curl were sufficient. |
using the configured proxy settings as-is is correct. kubelet cannot assume you don't want to go through the configured proxy in order to reach the pod network.
kubernetes components support CIDR in NO_PROXY. See #23003 |
|
/kind bug
What happened:
An additional proxy server was set up for our internal Kubernetes cluster, to replace one that had been running as an internet-accessible Kubernetes node.
This means that the proxy no longer has access to the Kubernetes CIDRs, which the old one had.
At this point, liveness and readyness checks started failing for all pods, corresponding to entries in the proxy access log;
What you expected to happen:
Kubelet ignores proxy settings when trying to communicate with pods hosted on the local machine.
How to reproduce it (as minimally and precisely as possible):
Environment:
kubectl version
): v1.5.2uname -a
): 3.10.0-514.26.2.el7.x86_64The text was updated successfully, but these errors were encountered: