Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubeadm: Control Plane with "ClusterFirstWithHostNet" is a circular dependency. #1236

Closed
mauilion opened this issue Nov 13, 2018 · 5 comments · Fixed by kubernetes/kubernetes#71010
Closed

kubeadm: Control Plane with "ClusterFirstWithHostNet" is a circular dependency. #1236

mauilion opened this issue Nov 13, 2018 · 5 comments · Fixed by kubernetes/kubernetes#71010
Assignees
@chuckha
Labels
kind/bug Categorizes issue or PR as related to a bug. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now.
Milestone
v1.13

Comments

@mauilion
Copy link

mauilion commented Nov 13, 2018
edited
Loading

BUG REPORT

Versions

kubeadm version (use kubeadm version): 1.13

What happened?

I was looking through the changelog for 1.13 and noticed:
kubernetes/kubernetes#68890

With this change the apiserver will not be able to resolv dns names until kube-proxy and kube-dns are started
.
The resolv.conf of the apiserver when ClusterFirstWithHostNet is set:

bash-4.3# cat /etc/resolv.conf 
nameserver 10.96.0.10 #service ip of kube-dns
search default.svc.cluster.local svc.cluster.local cluster.local cisco.com
options ndots:5

This is likely green because the apiserver manifest has the following set:

--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
--etcd-servers=https://127.0.0.1:2379

With these settings we would probably make the tests green because kube-apiserver will be able to resolve what it needs to by using the ip addresses bypassing dns resolution.

If the user has an external etcd cluster this will break as the apiserver will be unable to resolve the external etcd cluster by name.

If the kubelet-preferred-address-types is the default (Hostname) this will break as well.

Any other calls the apiserver has to make before the kube-dns and kube-proxy are started will fail (Though there probably aren't too many calls to make there.)
@mauilion
Copy link
Author

/assign @chuckha
/priority critical
@timothysc

@timothysc timothysc added the priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. label Nov 13, 2018
@timothysc timothysc added this to the v1.13 milestone Nov 13, 2018
@timothysc timothysc added the kind/bug Categorizes issue or PR as related to a bug. label Nov 13, 2018
@rdodev
Copy link

rdodev commented Nov 13, 2018

Hmmmm 👁

@chuckha
Copy link

chuckha commented Nov 13, 2018

I reproduced both the failure using the release-1.13 release branch and the the successful case using release-1.12.

@neolit123 neolit123 mentioned this issue Nov 13, 2018
Merged
@chuckha
Copy link

chuckha commented Nov 13, 2018

Method:

To reproduce the failure I built kubeadm from the release-1.13 branch. I used that to build an etcd server. I created a control plane that had to resolve a dns lookup to connect to etcd. This dns lookup was defined in /etc/hosts, but the kube-apiserver was unable to resolve the etcd host.

I repeated the process using a kubeadm from the 1.12.2 release and the kube-apiserver was able to resolve and connect to etcd with no issue.

@anfernee
Copy link
Member

what is the current solution for the case where apiserver wants to resolve hostname using kube-dns?

@rdodev rdodev removed their assignment Aug 15, 2019
@BenTheElder BenTheElder mentioned this issue Sep 22, 2021
Closed
@BenTheElder BenTheElder mentioned this issue Oct 2, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chuckha chuckha

Labels
kind/bug Categorizes issue or PR as related to a bug. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now.
Projects
None yet
Milestone
v1.13
Development

Successfully merging a pull request may close this issue.

Revert "kubeadm: Create control plane with ClusterFirstWithHostNet dns policy" neolit123/kubernetes
5 participants
@chuckha @timothysc @anfernee @rdodev @mauilion