Azure: machine-config-server on control plane serves ignition configs only through localhost

[jomeier]

Hi,

today I tried the new fcos vhd image for Azure. install-config.yaml set to platform: none.

Bootstrapping worked, bootstrap VM does not respond to port 22623 anymore (could be deleted), I have a control plane (3 masters) running and can get all pods if I

sudo KUBECONFIG=/etc/kubernetes/kubeconfig oc get pods --all-namespaces

Currently I don't have loadbalancers in my setup.

api-int.xxx and api.xxx are hardcoded to master-0. Before the control plane was ready, they pointed to the bootstrap VM.

I tried to add additional worker VMs but they can't get the worker.ign files from the machine-config-server running on the masters.

If I ssh into master-0 and try this curls, one works, the other ones don't:

curl -k https://localhost:22623/config/worker  <- works, worker.ign is served
curl -k https://127.0.0.1:22623/config/worker <- Connection refused
curl -k https://10.1.0.5:22623/config/worker <- Connection refused (10.1.0.5 is private IP of my master-0 VM)

So it seems as if the machine-config-server is not accessible from outside the VM.

[core@master-0 ~]$ sudo netstat -tulpn | grep 22623
tcp6       0      0 :::22623                :::*                    LISTEN      10862/machine-confi

Greetings,

Josef

[LorbusChris]

@jomeier if this is still an issue, feel free to re-open