Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
kube-proxy v1.13.0 and 1.13.1 brokes services with externalIPs #72779
Kubernetes version: 1.13.1.
We are used services like this:
where IP 192.168.10.201 is from our internal /24 network (in particular, our Kube nodes have IPs 192.168.10.1, 192.168.10.2 etc). Note that there is no conflicts between real IPs and virtual external ones.
Before updating from 1.12.3 to 1.13.1, it worked correctly. In partucular these IPs was accessible from other non-Kubernetes hosts from 192.168.10.0/24 network. After update kube-proxy to 1.13.1, this feature stops working: non-Kubernetes hosts cannot resolve service IPs via ARP:
On Kubernetes hosts it still working, because not requires ARP resolving.
If we reset sysctl parameter arp_ignore on Kube hosts,
all works normally even from non-Kube hosts.
Quck debugging shows that problem is in the commit 489e95b. Please make this behaviour opt-out. (Now we resets arp_ignore to 0 via cron every 1 min.)