Kubernetes API Load Balancer

ha-cluster-vip not correctly written to kubeconfig

Bug #2017812 reported by Jake Nabasny
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Kubernetes API Load Balancer
Fix Released
Medium
Adam Dyess
Kubernetes API Load Balancer 1.27+ck1

Bug Description

== SUMMARY ==

When either the "ha-cluster-vip" or "loadbalancer-ips" options are set in the kubeapi-load-balancer charm, it writes the VIP to the kubeconfigs on the kubernetes-worker units with brackets "[]" around it (e.g. https://[10.100.0.99]:6443). This causes a critical problem because the kube-proxy cannot parse this URL and fails to start. This leads to the kubelet failing and receiving on error in the juju status: "Waiting for kubelet to start". The related error from the kube-proxy snap is:

kube-proxy.daemon[77861]: W0424 20:53:28.522475 77861 reflector.go:324] vendor/k8s.io/client-go/informers/factory.go:134: failed to list *v1.Node: Get "https://['10.100.0.99']:6443/api/v1/nodes?fieldSelector=metadata.name%3Djuju-df0e12-2&limit=500&resourceVersion=0": dial tcp: lookup '10.100.0.99': no such host

== EXAMPLE BUNDLE CONFIGURATION ==

    options:
      ha-cluster-vip: "10.100.0.99"
      loadbalancer-ips: "10.100.0.99"

== WORKAROUND ==

Update the proxy-extra-args parameter on the kubernetes-control-plane and kubernetes-worker charms with:

juju config kubernetes-control-plane proxy-extra-args=master=https://10.100.0.99:6443
juju config kubernetes-worker proxy-extra-args=master=https://10.100.0.99:6443

Then reboot the worker units.

See original description
Jake Nabasny (slapcat)
description: updated
Revision history for this message
Navdeep (navdeep-bjn) wrote :

This seems to be a retrogression since the same setting used to work with charmed k8s 1.21 and is causing an issue when I deploy with the 1.24 channel

Adam Dyess (addyess)
Changed in charm-kubeapi-load-balancer:
milestone: none → 1.27+ck1
status: New → Triaged
Changed in charm-kubernetes-master:
milestone: none → 1.27+ck1
Changed in charm-kubernetes-worker:
milestone: none → 1.27+ck1
Changed in charm-kubernetes-master:
status: New → Triaged
Changed in charm-kubernetes-worker:
status: New → Triaged
Adam Dyess (addyess)
Changed in layer-kubernetes-common:
milestone: none → 1.27+ck1
status: New → Triaged
Revision history for this message
Adam Dyess (addyess) wrote :

It doesn't seem possible to reproduce this with 1.28/edge channel charms.

can you provide the charm revisions used from `juju status`

Adam Dyess (addyess)
no longer affects: layer-kubernetes-common
no longer affects: charm-kubernetes-master
no longer affects: charm-kubernetes-worker
Revision history for this message
Navdeep (navdeep-bjn) wrote (last edit ):

App Version Status Scale Charm Channel Rev Exposed Message

kubeapi-load-balancer 1.18.0 active 3 kubeapi-load-balancer 1.24/stable 27 yes Loadbalancer ready.

The kubeconfig files on the worker nodes also have the same square brackets in the server line

$ sudo grep http /root/cdk/ -R
/root/cdk/kubeproxyconfig: server: https://[10.100.0.99]:6443
/root/cdk/kubeproxyconfig.new: server: https://[10.100.0.99]:6443
/root/cdk/kubeconfig: server: https://[10.100.0.99]:6443
/root/cdk/kubeconfig.new: server: https://[10.100.0.99]:6443

Revision history for this message
Adam Dyess (addyess) wrote :

I've reproduced now!

It's vital to use the following relations

kubeapi-load-balancer:lb-consumers kubernetes-control-plane:loadbalancer-external loadbalancer regular
kubeapi-load-balancer:lb-consumers kubernetes-control-plane:loadbalancer-internal loadbalancer regular

Revision history for this message
Adam Dyess (addyess) wrote :

Possible solution:
https://github.com/charmed-kubernetes/charm-kubeapi-load-balancer/pull/20

Looking for a review

Changed in charm-kubeapi-load-balancer:
status: Triaged → In Progress
assignee: nobody → Adam Dyess (addyess)
Revision history for this message
Navdeep (navdeep-bjn) wrote :

Adam,

I am using the following relations in my bundle file. do I need any other relations?

- - kubernetes-control-plane:loadbalancer-external
  - kubeapi-load-balancer:lb-consumers
- - kubernetes-control-plane:loadbalancer-internal
  - kubeapi-load-balancer:lb-consumers

Pedro Victor Lourenço Fragola (pedrovlf)
tags: added: backport-needed
George Kraft (cynerva)
Changed in charm-kubeapi-load-balancer:
status: In Progress → Fix Committed
Revision history for this message
George Kraft (cynerva) wrote :

Navdeep, those should be the only relations you need between kubeapi-load-balancer and kubernetes-control-plane.

You can download the reference bundle to see what other relations may be expected for a given release of Charmed Kubernetes. For example:

juju download charmed-kubernetes --channel 1.27/stable
unzip charmed-kubernetes*.bundle -d charmed-kubernetes
cat charmed-kubernetes/bundle.yaml

Adam Dyess (addyess)
tags: removed: backport-needed
Adam Dyess (addyess)
Changed in charm-kubeapi-load-balancer:
importance: Undecided → Medium
Revision history for this message
Adam Dyess (addyess) wrote :

Demonstration of functionality in ck-1.24, 1.25, and 1.26
https://paste.ubuntu.com/p/Cp7NtPHnrb/

Revision history for this message
Navdeep (navdeep-bjn) wrote :

I verified the fix in one of our test clusters. Please let me now once it is available in the stable branch.

Revision history for this message
Francesco De Simone (fdesi) wrote :

Hi, is there an ETA for when this fix will be released?

Revision history for this message
George Kraft (cynerva) wrote :

This fix is currently available in the 1.27/candidate charm channel. We're still working to get this promoted to 1.27/stable but we're having some issues with our test suite. It's hard to provide an ETA given the nature of these issues so the best I can offer is: hopefully within the next couple of days.

Kevin W Monroe (kwmonroe)
Changed in charm-kubeapi-load-balancer:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.