-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pod unable to reach itself through a service using driver none #13370
Comments
I don't think it is possible to run it without a CNI (?), so something like KubeNet is getting deprecated, so probably shouldn't recommend that. Not sure if kindnet works on host ? |
My start command is: |
The default setup (auto) is supposed to work out-of-the-box, also when running directly on localhost.
Currently it just disables CNI, which is probably not the best choice. So should pick something else.
It is slightly better than But only ever-so slightly. For newer Kubernetes (1.24+), it should use both CRI and CNI... |
Not sure to understand. |
To start from a clean cluster i deleted the minikube and restarted with the above command: Some pod don't start: Works with default cni (auto) or calico |
That looks like the CNI plugins are missing, you are supposed to provide both CRI and CNI when running "none" |
Thx @afbjorklund .
This time the command: for intf in /sys/devices/virtual/net/bridge/brif/*; do cat $intf/hairpin_mode; done |
Also i have this logs in the journal: |
There are more resources under https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/ |
I checked https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm/#pods-are-not-accessible-via-their-service-ip
and
and hostname -i return an ip
(I'm using vagrant) Still the call don't work:
continue to search |
Good spot on |
After some trial, it worked after adding the following rule after minikube started. |
So after searching i found the reason. To make it work i added : By adding it to the docker-user it's not cleared when docker daemon restart (done by the start of minikube) Maybe minikube should add that rule after start? |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
FYI, with minikube against virtualbox backend, we've also seen that we've had to have 2 replicas of a pod in order for the code in the pod to access its own service-url. This seemed to be a iptables-based implementation of services limitation where a given pod couldn't redirect to itself. |
I believe this git issue makes the Apache Solr Operator ( https://solr.apache.org/operator/ ) difficult to use with minikube. Solr clusters seems to fail under minikube when minikube is created with More details in apache/solr-operator#498 |
I have the same problem on Ubuntu 20.04 with Thank you @belfo for digging into this, your findings have helped a lot. This is enough for me after the
The traffic returning from the outside to the cluster is already taken care of by the entry in KUBE-FORWARD chain.
I second that suggestion, plus the rule for the external routing. |
@lopiola I have the same problem on Debian 11.7 with
or worked for me, I can't understand why minikube don't add this rules |
What Happened?
If a pod has a service which points to the pod, the pod cannot reach itself through the service IP. Other pods can reach the service and the pod itself can reach other services.
Similar to #1568
But i'm using driver none, and the different proposal in the issue hasn't help.
Just a simple service :
apiVersion: v1
kind: Pod
metadata:
name: replyer
namespace: sample-domain1-ns
spec:
containers:
image: nginx-echo-headers:v1
imagePullPolicy: IfNotPresent
restartPolicy: Always
apiVersion: v1
kind: Service
metadata:
namespace: sample-domain1-ns
name: replyer-ext
spec:
selector:
k8s-app: replyer
ports:
port: 8080
protocol: TCP
targetPort: 8080
nginx-echo-headers is a sample nginx that print back request (https://github.com/brndnmtthws/nginx-echo-headers), and i added curl to the image.
From the running pod if i run curl:
/ # curl -v replyer-ext:8080
curl: (7) Failed to connect to replyer-ext port 8080: Operation timed out
Attach the log file
I added the logs, i have other pods running, hopefully the logs are clear
log2.txt
Operating System
Ubuntu
Driver
None
The text was updated successfully, but these errors were encountered: