Comment 17 for bug 1884995
Revision history for this message
| Przemyslaw Hausman (phausman) wrote | #17 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
7020100
(Get the code!)
I have just hit this problem with OpenStack Yoga on Ubuntu Focal and Kubernetes 1.25.4. Troubleshooting led to the conclusion that the image for openstack-
Here's how to reproduce the problem and later update the image for openstack-
STEPS TO REPRODUCE
1. Deploy service with a Load Balancer:
```
cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimes
labels:
app: cdk-cats
name: cdk-cats
spec:
replicas: 3
selector:
matchLabels:
app: cdk-cats
strategy: {}
template:
metadata:
creationT
labels:
app: cdk-cats
spec:
containers:
- image: calvinhartwell/
name: cdk-cats
ports:
- containerPort: 80
path: /
port: 80
restartPo
serviceAc
status: {}
---
apiVersion: v1
kind: Service
metadata:
name: cdk-cats
spec:
type: LoadBalancer
selector:
app: cdk-cats
ports:
- protocol: TCP
port: 80
targetPort: 80
EOF
```
2. Wait until EXTERNAL-IP is populated:
```
$ kubectl get svc cdk-cats
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
cdk-cats LoadBalancer 10.152.183.148 172.27.82.77 80:30060/TCP 3m33s
```
3. Try to access the service using the Floating IP of the Load Balancer:
```
$ curl http://
curl: (52) Empty reply from server
```
^this is incorrect, we should be able to access the service already.
4. Verify that Load Balancer in OpenStack is OK:
```
$ openstack loadbalancer list -f yaml
- id: 467a4d7c-
name: kube_service_
operating_status: ONLINE
project_id: e54528bf42fd43d
provider: amphora
provisioning_
vip_address: 192.168.0.118
```
OK, looks good, it is active and online.
5. Check if the security group allowing access to kubernertes-worker nodes is present
```
$ openstack security group rule list | grep 30060
```
This is incorrect, security group should have been already created.
TROUBLESHOOTING
1. Check the cloud-config secret and make sure `manage-
```
$ kubectl get secret -o yaml -n kube-system cloud-config
apiVersion: v1
data:
cloud.conf: W0dsb2JhbF... [REDACTED]
endpoint-ca.cert: LS0tLS1CRUdJTi... [REDACTED]
kind: Secret
metadata:
annotations:
kubectl.
{
creationTimes
labels:
cdk-addons: "true"
name: cloud-config
namespace: kube-system
resourceVersion: "148790"
uid: 7d84ccc7-
type: Opaque
$ echo 'W0dsb2JhbF... [REDACTED]' | base64 -d
[Global]
auth-url = https:/
region = RegionOne
username = admin
password = [REDACTED]
tenant-name = admin
domain-name = admin_domain
tenant-domain-name = admin_domain
ca-file = /etc/config/
[LoadBalancer]
use-octavia = true
subnet-id = dd344c91-
floating-network-id = f52e5d35-
lb-method = ROUND_ROBIN
manage-
```
All good, `manage-
2. Check the image for openstack-
```
$ kubectl get -o yaml ds openstack-
image: rocks.canonical
```
3. Update the image to more recent version
```
$ kubectl edit ds openstack-
```
...and update the `image` key with `k8scloudprovid
4. Recreate the deployment of the service with Load Balancer.
When done, check if LB works.
-> yes, now it works
Verify the presence of security group
-> yes, the security group is now present, allowing access to the port that the service is listening on:
```
$ openstack security group rule list | grep 30088
| d78d9120-
```
This leads to conclusion that the image for openstack-