--hostname-override ignored when --cloud-provider is specified #54482
Comments
Looks like you are hitting the code in NodeRestriction admission plugin: Some more info here: Do you want to see (at least as a test) if you get what you need when you disable that specific admission plugin? Thanks, |
/sig node |
Hi @dims Thank you for your reply! I just tried to disable NodeRestriction plugin for apiserver and I broke my cluster (no worries it is a test cluster). First of all node ip-172-28-68-60 disappeared from node list and now I see:
kube-dns cannot start with the following error:
Looks like the nodes that were already joined to the cluster need to be rejoined. At the same time kubelet continues to work with looks like that is kubelet simply ignores --hostname-override option. BR, Vasily. |
I fixed the issue for me with:
but it is just a workaround in my case. Doing --node-name during the cluster initialization didn't fix "kubelet ignore option |
I am not using kubeadm to set up my cluster, I have set up individual components separately. How to resolve this error? |
Any exact solution for this? |
This is affecting me too! I believe it is using the EC2 instance's private hostname and ignoring |
I think you need to debug what kubeadm performs when you're using it with
so if you want to integrate your k8s cluster with aws you need to leave your hostname as is and tag your aws resources as described here: https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/providers/aws/aws.go or use --allow-untagged-cloud flag for kube-controller-manager but this flag is deprecated and will be removed in a future release. As I don't use ELB with k8s I just tagged ec2 instances with tag
|
@2rs2ts and I do not use |
We're having a hell of a time working around this in the Canonical Distribution of Kubernetes. Since
We're able to work around this, but it seems unfortunate that |
Why are you required to use non-standard hostnames for AWS? |
We are seeing this issue too. We run a hybrid cloud/bare metal environment and we use a configuration management system which determines settings to apply based on the hostname so the default EC2 name doesn't work for us. It's definitely not obvious that a particular hostname is expected |
We have this issue also. Our DEV Kubernetes live at baremetal env where kubelet
But our staging and PROD envs are on AWS where we use Imagine that you have a team of engineers and they receive an alert 'staging Kubernetes node 5 - disk full'. What would you like them to see when they run What I want to say is that in AWS having a human-friendly CNAME record for each node and node name equal to this DNS record allows to make |
Here is a related issue that was closed by robot because nobody was on it for 90 days: #22984 |
To build on @daniilyar 's comments, I posted the following in the slack sig-node but didn't get any response so I'll add here for posterity: Looking through the referenced github PRs and tickets, I'm curious about some of the comments here: In particular: and |
@liggitt what @daniilyar said is the same chat we had few days ago on slack ;) |
@smarterclayton tagging you too as this does affect OpenShift too, i tried in Origin 3.7 with no success ... |
the comments in #58114 (comment) are relevant, hoisting them here: In cloud environments, you need an authority on the following things (and the mapping between them):
The kubelets cannot be the authority on those things:
@kubernetes/sig-cluster-lifecycle-feature-requests is working to move the cloud provider integrations out of tree. As part of that, I'd expect the kubelet to be able to be told its hostname and nodename, and to know nothing about the cloud provider at all. Once the kubelet was cloud-agnostic, no longer had to make cloud provider API calls, and just used whatever hostname/nodename it was told to, if you wanted to maintain a non-standard mapping between cloud provider node name, kubernetes node name, and hostname, that could be supported by the cloud provider's implementation if they chose to (that would mean communicating and using that mapping consistently in components that talked to the cloud provider API... ensuring everyone is using the same mapping and translating back and forth can get pretty painful)
mutating a node's configuration in pieces is not likely to end well, generally. changing its identity is just one of the things that is likely to cause issues.
this should work if you conform to the cloud provider's view of node names and hostnames when you create the nodes |
AWS allows you to run your own DHCP and private zone, so it is a perfectly valid use case to change the hostname and canonical name of a VM, have a private hosted zone that, for all intents and purposes, completely masks over the "AWS-internal" name of the VM.
AWS specifically publishes articles on how to change your VM hostname, so it is clearly seen as a valid approach by them.
Edit |
@errordeveloper is there a way I can update hostname-override using preBootstrapCommands or adjusting 10-eksclt.al2.conf. hostname=$(curl -s http://169.254.169.254/latest/meta-data/hostname) Here is the use case: the cluster is ready and changed the endpoint to private, and using preboot scripts I am adding the nodes to the domain controller and changing the hostnames to the company standard. Now the cluster is working fine for a couple of days; after the reboot it is complaining about the hostname and it never returns the registered hostname. k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Unauthorized |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle stale |
/lifecycle frozen Agreed that this remains an issue, likely blocked on being able to support aws node names that are not equal to the PrivateDnsName |
FYI - we were able to go away from custom hostnames and use the aws generated hostname by implementing dnsmasq to point to both our private dns infra and aws private dns concurrently.
|
/sig cloud-provider |
/assign @nckturner |
I found an interesting nuance. I see that the issue was created in 2017. But I faced the issue with the hostname only in EKS 1.19 when I removed
When I returned the argument back, the node successfully joined the cluster even though its hostname is actually different from EC2 private DNS name. Of course, I still see something like this in the node list in
but at least in EC2 console, in monitoring dashboards and in the node shell I'm getting normally configured name. In short, my bootstrapping process looks like this:
# ...general bootstrapping...
hsname="$${AWS_EKS_CLUSTER_NAME}-$${AWS_EKS_NODE_GROUP}-$${INSTANCE_ID}" # do what you like
echo "$${hsname}" > /etc/hostname
hostname "$${hsname}"
hostnamectl set-hostname "$${hsname}"
hostnamectl set-hostname --transient "$${hsname}"
hostnamectl set-hostname --pretty "$${hsname}"
systemctl daemon-reload
systemctl enable kubelet
systemctl start kubelet
(And I never used But I guess all of this will be broken soon when I upgrade upper than 1.19 when |
I have a similar problem. There are multiple domains in DHCP option (like
|
I believe I have had a different experience here. I have a VPC using DHCP options set, let's say MYDOMAIN.COM that will be used in all the machines belonging to that VPC in the /etc/resolv.conf will get the domain in it including DNS servers in case the MYDOMAIN.COM is also an AWS Active Directory service. Now, if the same VPC has 2 diff types of workloads, I mean AD Joined machines and also non AD joined machines. What I have done and maybe it is a hack is during the machine provisioning change the hostname and /etc/hosts in this way via user data (assuming the EKS workloads using bottlerocket AMI won't be AD joined):
|
Hi @okgolove , Did you find any workaround to make this work? |
Hi @velmuruganvelayutham! |
stupid question, what if the hostname is changed before running |
answering to myself: hostname override does not work as: https://github.com/kubernetes/kubernetes/pull/64661/files#diff-f38ee9f130deb5f4bcd61d857729306f8416f7810ee28a21f20d954f9f4faba3R360 |
workarounding this by abusing "role" so that I can ignore hostname and just look at roles for example in Lens: |
Any idea when this will be implemented, as multiple customers are looking for this feature availability. |
I don't believe this will be changed in the in-tree AWS Cloud Provider, as it is legacy code and is scheduled to be removed. The state of the external cloud provider's behaviour with |
/remove-sig cluster-lifecycle |
Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug
/sig aws
What happened:
Trying to start kubelet with --hostname-override=ip-172-28-68-60 but still see in the logs:
ps aux:
root 4610 3.3 7.7 404596 78320 ? Ssl 12:58 0:00 /usr/bin/kubelet ...... --hostname-override=ip-172-28-68-60
What you expected to happen:
Hostname should be ip-172-28-68-60 instead of ip-172-28-68-60.eu-west-1.compute.internal
How to reproduce it (as minimally and precisely as possible):
set --cloud-provider=aws --hostname-override=ip-172-28-68-60 for kubelet
Anything else we need to know?:
Environment:
Kubernetes version (use kubectl version):
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.1", GitCommit:"f38e43b221d08850172a9a4ea785a86a3ffa3b3a", GitTreeState:"clean", BuildDate:"2017-10-11T23:27:35Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.1", GitCommit:"f38e43b221d08850172a9a4ea785a86a3ffa3b3a", GitTreeState:"clean", BuildDate:"2017-10-11T23:16:41Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Cloud provider or hardware configuration: aws
OS (e.g. from /etc/os-release):
NAME="Ubuntu"
VERSION="16.04.2 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.2 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
Kernel (e.g. uname -a): Linux ip-172-28-68-60 4.4.0-1038-aws #47-Ubuntu SMP Thu Sep 28 20:05:35 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Install tools:
Others:
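A preflight check for a node bootstrap script, built on the behaviour reported in this issue; it is an added example, not code from the thread or from Kubernetes. The function names are hypothetical, and it assumes the kubelet's API credential uses the `system:node:<nodeName>` user name that NodeRestriction matches against the Node object.

```shell
# Added example, not code from the issue thread or from Kubernetes.
# get_flag NAME ARGS...: print the value of --NAME=value or "--NAME value".
get_flag() {
  local name prev arg
  name="$1"; shift
  prev=""
  for arg in "$@"; do
    case "$arg" in
      "--${name}="*) printf '%s\n' "${arg#*=}"; return 0 ;;
    esac
    if [ "$prev" = "--${name}" ]; then printf '%s\n' "$arg"; return 0; fi
    prev="$arg"
  done
}

# effective_node_name PRIVATE_DNS OS_HOSTNAME KUBELET_ARGS...
# Predicts the node name the kubelet will register under.
effective_node_name() {
  local private_dns os_hostname provider override
  private_dns="$1"; os_hostname="$2"; shift 2
  provider="$(get_flag cloud-provider "$@")"
  override="$(get_flag hostname-override "$@")"
  if [ "$provider" = "aws" ]; then
    # Behaviour reported in this issue: --hostname-override is ignored
    # and the EC2 private DNS name is used instead.
    printf '%s\n' "$private_dns"
  elif [ -n "$override" ]; then
    printf '%s\n' "$override"
  else
    printf '%s\n' "$os_hostname"   # assumption: fallback is the OS hostname
  fi
}

# check_node_identity CRED_USER PRIVATE_DNS OS_HOSTNAME KUBELET_ARGS...
# Returns 0 only when the credential user is system:node:<effective name>.
check_node_identity() {
  local cred name
  cred="$1"; shift
  name="$(effective_node_name "$@")"
  if [ "$cred" = "system:node:${name}" ]; then
    echo "OK: kubelet registers as ${name}"; return 0
  fi
  echo "MISMATCH: credential is ${cred}, kubelet registers as ${name}"; return 1
}

# Constructed input built from the values in this issue's report.
check_node_identity "system:node:ip-172-28-68-60" \
  "ip-172-28-68-60.eu-west-1.compute.internal" "ip-172-28-68-60" \
  --cloud-provider=aws --hostname-override=ip-172-28-68-60 || true
```

On a real node the private DNS name argument would come from the instance metadata service rather than a literal.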