New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

winkernel kube-proxy assumes nodename and hostname are the same #71799

Closed
astrieanna opened this Issue Dec 6, 2018 · 5 comments

Comments

Projects
None yet
3 participants
@astrieanna

astrieanna commented Dec 6, 2018

What happened: When using the vsphere cloud provider and a hostname override, kube-proxy does not recognize local endpoints correctly.

What you expected to happen: kube-proxy should use the same logic as kubelet to determine nodename. The nodename does not need to be the same as the hostname override.

How to reproduce it (as minimally and precisely as possible):
(1) Run a cluster on vsphere with a windows node, with the vsphere cloud provider
(2) Start kube-proxy with a hostname override that does not match the os' hostname, and see kube-proxy mark local pods' HNSEndpoints as remote.

Anything else we need to know?:
kube-proxy behaves as if the endpoints are remote because the nodename of the endpoints does not match the hostname-override passed into kube-proxy.

This is the line where proxier compares a nodename in an endpoint to the hostname:
https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/winkernel/proxier.go#L896

The hostname used by proxier above is determined by kube-proxy here:
https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-proxy/app/server_windows.go#L75

This will use the hostname-override if provided, and the os' hostname otherwise. This hostname is used to create the proxier, a healthz check, and the NodeRef in the ProxyServer struct. I believe that the other two uses actually want a hostname (an IP or something DNS-routeable).

kubelet determines the nodename:
https://github.com/kubernetes/kubernetes/blob/master/cmd/kubelet/app/server.go#L536

I think kube-proxy should use the same cloud-provider function to determine the nodename, since the important thing about this value is it matched what kubelet is using when registering the node.

Environment:

  • Kubernetes version (use kubectl version): 1.11/1.12
  • Cloud provider or hardware configuration: vsphere
  • OS (e.g. from /etc/os-release): 1803

/kind bug

@astrieanna

This comment has been minimized.

astrieanna commented Dec 6, 2018

/sig windows

@k8s-ci-robot k8s-ci-robot added sig/windows and removed needs-sig labels Dec 6, 2018

@astrieanna

This comment has been minimized.

astrieanna commented Dec 6, 2018

This also applies to other proxiers (the ones on linux):
https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/endpoints.go#L221

@astrieanna astrieanna closed this Dec 6, 2018

@astrieanna astrieanna reopened this Dec 6, 2018

@astrieanna

This comment has been minimized.

astrieanna commented Dec 6, 2018

/sig network

@dineshgovindasamy

This comment has been minimized.

dineshgovindasamy commented Dec 6, 2018

@astrieanna We use the same logic as other Proxies. I think we should table this discussion in the SIG Network meeting if we want to change this to all proxies.

@astrieanna

This comment has been minimized.

astrieanna commented Dec 7, 2018

@dineshgovindasamy good point. I'm closing this issue in favor of one that is focused on kube-proxy as a whole, since this is not just windows. #71851

@astrieanna astrieanna closed this Dec 7, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment