Dual stack follow-ups

[aojea]

Fix documentation and workaround 1.20 versions to enable the feature gate

This needs an image bump for having the kindnet dualstack versions, so pods can get dual-stack addresses

Fixes: #2172

[aojea]

/hold
it needs images bumps

[aojea]

is this ok, or should we use Json6902?

[BenTheElder]

There's a much easier way to default this when we generate the base kind config which also respects the user patch applied on top. See how we handled it for the PV feature gatr

[aojea]

kubeadm adds the corresponding feature gates flags to the other components, controller-manager, apiserver, kube-proxy ... and validates that podsubnet and serviceSubnet are correct ... so we don't need to set the feature flags

[aojea]

/assign @BenTheElder
/cc @aspenmesh @howardjohn

[k8s-ci-robot]

@aojea: GitHub didn't allow me to request PR reviews from the following users: aspenmesh, howardjohn.

Note that only kubernetes-sigs members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/assign @BenTheElder
/cc @aspenmesh @howardjohn

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[aojea]

after updated the kindnet image

kubectl set image ds/kindnet kindnet-cni=kindest/kindnetd:v20210326-1e038dc5 -n kube-system

and delete the old kindnet pods that should be crashlooping because it can't handle dualstack correctly

I0401 13:49:37.797835       1 main.go:185] handling current node
panic: Can't synchronize rules after 3 attempts: running [/usr/sbin/iptables -t nat -C KIND-MASQ-AGENT -d 10.244.0.0/16,fd00:10:244::/56 -j RETURN -m comment --comment kind-masq-agent: local traffic is not subject to MASQUERADE --wait]: exit status 2: iptables v1.8.5 (legacy): invalid mask `56' specified
Try `iptables -h' or 'iptables --help' for more information.

I have some problems because the apiserver fails to validate everything after this error

E0401 12:44:27.426813       1 controller.go:152] Unable to remove old endpoints from kubernetes service: StorageError: key not found, Code: 1, Key: /registry/masterleases/172.18.0.2, ResourceVersion: 0, AdditionalErrorMsg: 
E0401 12:44:27.435678       1 fieldmanager.go:186] [SHOULD NOT HAPPEN] failed to update managedFields for /, Kind=: failed to convert new object (/v1, Kind=Node) to smd typed: .status.addresses: duplicate entries for key [type="InternalIP"]

@liggitt can you give me some hints to debug this further?

EDIT

this is with 1.20.2

[aojea]

/retest

[liggitt]

E0401 12:44:27.435678       1 fieldmanager.go:186] [SHOULD NOT HAPPEN] failed to update managedFields for /, Kind=: failed to convert new object (/v1, Kind=Node) to smd typed: .status.addresses: duplicate entries for key [type="InternalIP"]

@liggitt can you give me some hints to debug this further?

sounds like kubernetes/kubernetes#88182

cc @apelisse

[liggitt]

duplicate entries for key [type="InternalIP"]

Looks like a retread of kubernetes/kubernetes#79391 (comment), but now with server-side apply.

[liggitt]

If we can have existing objects with duplicate items here (and it sounds like we can), the managedFields update cannot break update of those objects. Complaining on Apply requests is in-bounds (though it sounds like the merge key selected for the field may be wrong in the first place if we expect to have multiple entries of the same address type with different IP families)

[apelisse]

Yeah, I'd be very surprised if it does, I think that's a red-herring.

[BenTheElder]

Please note that this requires 0.11.0+

[aojea]

@liggitt @apelisse indeed it was a redherring, thanks for your quick response, I can't explain why by it was caused by a wrong kubeadm configuration, there was also rbac errors on the scheduler and the controller manager.

@BenTheElder PTAL, it needs the new kindnet image in order to work

kubectl set image ds/kindnet kindnet-cni=kindest/kindnetd:v20210326-1e038dc5 -n kube-system

$ kubectl apply -f https://gist.githubusercontent.com/aojea/90768935ab71cb31950b6a13078a7e92/raw/99ceac308f2b2658c7313198a39fbe24b155ae68/dual-stack.yaml
$ kubectl get endpointslices -o wide
NAME                            ADDRESSTYPE   PORTS   ENDPOINTS                       AGE
kubernetes                      IPv4          6443    172.18.0.2                      4m24s
my-service-prefer-dual-jswjr    IPv4          80      10.244.0.6,10.244.0.5           45s
my-service-prefer-dual-vvkdt    IPv6          80      fd00:10:244::3,fd00:10:244::2   45s
my-service-require-dual-4hqq2   IPv6          80      fd00:10:244::3,fd00:10:244::2   45s
my-service-require-dual-75hk8   IPv4          80      10.244.0.6,10.244.0.5           45s
my-service-v4-429wd             IPv4          80      10.244.0.6,10.244.0.5           45s
my-service-v6-crtqs             IPv6          80      fd00:10:244::3,fd00:10:244::2   45s

[aojea]

/hold cancel

[BenTheElder]

we should really use the version for the PR that enabled it by default so it works with arbitrary commits 🙃

if you checkout kubernetes master then the commit you can grab the version.

[BenTheElder]

can be a follow-up

[aojea]

this was the kubeadm one kubernetes/kubernetes#99294

and this the kubernetes one kubernetes/kubernetes#98969

[aojea]

the must parse semantic doesn't accept versions with letters IIRC

[BenTheElder]

@aojea upgrade the kindnetd image / manifest? you have access 🙃

[BenTheElder]

/lgtm
/approve
can be handled in another PR, along with refining the versions

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aojea, BenTheElder

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [BenTheElder,aojea]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment