Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Service includes pods from across namespaces that have matching selectors. #5215

Closed
sangeethah opened this issue Jun 21, 2016 · 3 comments
Closed

Service includes pods from across namespaces that have matching selectors. #5215

sangeethah opened this issue Jun 21, 2016 · 3 comments
Assignees
@tfiduccia
Labels
area/kubernetes kind/bug Issues that are defects reported by users or that we know have reached a real release
Milestone
Release 1.2.0-pre2

Comments

@sangeethah
Copy link
Contributor

Rancher Version: v1.1.0-dev5

Steps to create the problem:
Create service/rc/pod in 1 namespace.
Create the same set of service/rc/pod (using the same yml file) in another namespace.
When service is listed in UI (from any of the namespace), pods from both the namespaces are listed

screen shot 2016-06-21 at 3 55 46 pm

screen shot 2016-06-21 at 3 55 58 pm

> kubectl create namespace test1
namespace "test1" created
> kubectl create -f test1.yml --namespace==test1
Error from server: error when creating "test1.yml": namespaces "=test1" not found
Error from server: error when creating "test1.yml": namespaces "=test1" not found
> kubectl create -f test1.yml --namespace test1
service "k8test1" created
replicationcontroller "k8testrc1" created
> kubectl create namespace test2
namespace "test2" created
> kubectl create -f test1.yml --namespace test2
service "k8test1" created
replicationcontroller "k8testrc1" created

cat test1.yml

apiVersion: v1
kind: Service
metadata:
 name: k8test1
 labels:
   k8s-app: k8test1-service
spec:
 ports:
 - port: 81
   targetPort: 81
   protocol: TCP
   name: http
 selector:
   k8s-app: k8test1-service

---
apiVersion: v1
kind: ReplicationController
metadata:
 name: k8testrc1
spec:
 replicas: 2
 selector:
   k8s-app: k8test1-service
 template:
   metadata:
     labels:
       k8s-app: k8test1-service
   spec:
     terminationGracePeriodSeconds: 60
     containers:
     - name: testcontainer
       image: sangeetha/testnewhostrouting
       ports:
       - containerPort: 81

When ingress is created for this service , lb traffic gets redirected to all the pods ( from both the namespaces).
@sangeethah sangeethah added kind/bug Issues that are defects reported by users or that we know have reached a real release kind/question Issues that just require an answer. No code change needd labels Jun 21, 2016
@sangeethah sangeethah added this to the Release 1.1.0 milestone Jun 21, 2016
@alena1108 alena1108 modified the milestones: Release 1.2.0-dev1, Release 1.1.0 Jun 23, 2016
@alena1108 alena1108 mentioned this issue Jul 22, 2016
Merged
@alena1108 alena1108 added status/resolved kind/bug Issues that are defects reported by users or that we know have reached a real release and removed kind/bug Issues that are defects reported by users or that we know have reached a real release kind/question Issues that just require an answer. No code change needd labels Jul 22, 2016
@alena1108 alena1108 assigned sangeethah and unassigned alena1108 Jul 22, 2016
@sangeethah
Copy link
Contributor Author

sangeethah commented Jul 23, 2016
edited

Tested with v1.2.0-pre1-rc4 and kubernetes 1.3.0 ( rancher/k8s:v1.3.0-rancher3).
This issue is still seen.
Create service/rc/pod in 1 namespace.
Create the same set of service/rc/pod (using the same yml file) in another namespace.
When service is listed in UI (from any of the namespace), pods from both the namespaces are listed.

@sangeethah sangeethah assigned alena1108 and unassigned sangeethah Jul 23, 2016
@alena1108 alena1108 removed their assignment Jul 23, 2016
@alena1108
Copy link

@vincent99 looks like UI needs to be fixed. Not sure what calculation it uses for displaying pods under service, but it does include pods with matching selectors cross namespaces.

We've put a fix on k8s agent to inject namespace info to the selector of the k8s service that we propagate to Rancher. So this way pods cross namespaces don't join the service. So in the DB, I'm seeing 2 pods behind the service; kubectl also shows only 2 endpoints. Yet UI includes 4 pods

vincent99 added a commit to vincent99/ui that referenced this issue Jul 27, 2016
@vincent99
Filter selector to current namespace (rancher/rancher#5215)
e5f4c0f
@vincent99 vincent99 self-assigned this Jul 27, 2016
@vincent99 vincent99 assigned tfiduccia and unassigned vincent99 Jul 28, 2016
@tfiduccia
Copy link

Version - master 8/2
Verified fixed

@will-chan will-chan mentioned this issue Sep 6, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tfiduccia tfiduccia

Labels
area/kubernetes kind/bug Issues that are defects reported by users or that we know have reached a real release
Projects
None yet
Milestone
Release 1.2.0-pre2
Development

No branches or pull requests
6 participants
@vincent99 @alena1108 @sangeethah @deniseschannon @tfiduccia @soumyalj