-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.14.z
-
Important
-
None
-
False
-
-
-
-
-
07/22 no workaround yet. Need more info. BQI:Good
-
Description of problem:
I have a case, where when a customer tried to curl the k8s svc from the pod which was scheduled on a node on which egress IPv6 is attached, getting connection timed out.
They have configured IPv4 egressIP and IPv6 egressIP in a single egress object, which is not working as expected and they are not able to get a response while curling to the k8s svc but when try to curl the DNS service, it is working.
$ oc get egressips.k8s.ovn.org -o yaml
apiVersion: v1
items:
- apiVersion: k8s.ovn.org/v1
kind: EgressIP
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"k8s.ovn.org/v1","kind":"EgressIP","metadata":{"annotations":{},"name":"egressip"},"spec":{"egressIPs":["10.91.131.199","2a00:8a00:4000:020c:0000:0000:0002:0955"],"namespaceSelector":{},"podSelector":{"matchLabels":{"default-egress":"enabled"}}}}
creationTimestamp: "2024-06-12T13:25:28Z"
generation: 5
name: egressip
resourceVersion: "198127"
uid: 6fb67bf3-148b-4453-8c7c-4b2e1e467d3f
spec:
egressIPs:
- 10.91.131.199
- 2a00:8a00:4000:020c:0000:0000:0002:0955
namespaceSelector: {}
podSelector:
matchLabels:
default-egress: enabled
status:
items:
- egressIP: 2a00:8a00:4000:20c::2:955
node: slabnode2439.sprintlab750cluster.tre.nsn-rdnet.net
- egressIP: 10.91.131.199
node: slabnode2440.sprintlab750cluster.tre.nsn-rdnet.net
kind: List
metadata:
resourceVersion: ""
curl -k -v https://172.30.0.1:443/api?timeout=32s
Trying 172.30.0.1:443...
connect to 172.30.0.1 port 443 failed: Connection timed out
Failed to connect to 172.30.0.1 port 443: Connection timed out
Closing connection 0
curl: (28) Failed to connect to 172.30.0.1 port 443: Connection timed out
But when they created two separate egress objects for IPv4 and IPv6 egress assignment, they are able to curl the k8s svc IP.
$ oc get egressips.k8s.ovn.org NAME EGRESSIPS ASSIGNED NODE ASSIGNED EGRESSIPS egressip 10.91.131.199 slabnode2440.sprintlab750cluster.tre.nsn-rdnet.net 10.91.131.199 egressip-ipv6 2a00:8a00:4000:020c:0000:0000:0002:0955 slabnode2438.sprintlab750cluster.tre.nsn-rdnet.net 2a00:8a00:4000:20c::2:955
They have not modified the Kubernetes service in the default namespace. It is a single stack with ipv4.
- Neep help in understanding, how we can configure IPv6 and IPv4 egress IPs in a dual-stack cluster.
- Should we need to add any on-top /additional configuration to make the default Kubernetes service dual stack? If so, can you please share the documentation for the same?
