-
Notifications
You must be signed in to change notification settings - Fork 39.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubeadm: kube-proxy needs to know the pod subnet CIDR #39440
kubeadm: kube-proxy needs to know the pod subnet CIDR #39440
Conversation
…erstand what's internal and external traffic. Fixes kubernetes/kubeadm#102
This might be a noob question, but should the kube-proxy |
@amacneil the pod network. Let me remind you the service network is already known to the API server. |
@luxas ping |
ping @luxas |
As I mentioned on Slack, this doesn't fix the issue in most cases. kubeadm has no idea about the pod subnet except when using flannel in k8s api backed mode. We just don't know this and never will. I'm curious exactly what the issue with kube-proxy is when it does not know this, I've never encountered it. @thockin (feel free to ping somebody else that knows) why does kube-proxy have this flag? At a first glance it seems like bad design for this particular flag, but on the other hand I don't have the full context on this. TL;DR; This PR does not solve the issue, but we should discuss how we can solve the issue anyway. |
cmd/kube-proxy/app/options/options.go 84: fs.StringVar(&s.ClusterCIDR, "cluster-cidr", s.ClusterCIDR, "The CIDR range of pods in the cluster. It is used to bridge traffic coming from outside of the cluster. If not provided, no off-cluster bridging will be performed.") |
@luxas all checks are green, ping. |
We discussed this during the sig meeting, and will do an other approach than we initially thought. We'll encourage (and maybe even require) the user to setting this Pod CIDR value on So we will encourage setting both the CNI network manifest and this Pod CIDR, which also allows us to do what this PR implements, namely pass that Pod CIDR to kube-proxy. /lgtm |
[APPROVALNOTIFIER] This PR is APPROVED The following people have approved this PR: luxas, pires Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
Automatic merge from submit-queue (batch tested with PRs 40574, 40806, 40308, 40771, 39440) |
What this PR does / why we need it:
kube-proxy
1.5 has a new flagcluster-cidr
that isn't specified bykubeadm
, thus resulting in bug kubernetes/kubeadm#102.Which issue this PR fixes: fixes kubernetes/kubeadm#102
Special notes for your reviewer:
/cc @luxas @dmmcquay