2018-07-12 03:41:44 |
Venkatesh Velpula |
bug |
|
|
added bug |
2018-07-13 04:48:56 |
Venkatesh Velpula |
nominated for series |
|
juniperopenstack/r5.0 |
|
2018-07-13 04:48:56 |
Venkatesh Velpula |
bug task added |
|
juniperopenstack/r5.0 |
|
2018-07-13 04:49:03 |
Venkatesh Velpula |
juniperopenstack/r5.0: milestone |
|
r5.0.1 |
|
2018-07-13 04:50:01 |
Venkatesh Velpula |
description |
Explicit firewalls need to be created to allow the traffic on the NodePort on the node, to access the service from outside using the NodePort service.
Either this needs to be taken care of as part of the provisioning or while creating the NodePort type Service.
Currently the FORWARD rule is set to DROP.
==============================
Build: 5.1.0-184
Deployment: Ansible_deployer
HOST OS: CENTOS7.5
=============================
Topology
=========
[root@nodei25 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
nodei25 NotReady master 19h v1.9.2
nodei26 Ready <none> 19h v1.9.2
[root@nodei25 ~]#
[root@nodei25 ~]#
[root@nodei25 ~]#
[root@nodei25 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 19h
np-svc-test NodePort 10.105.223.229 <none> 80:30099/TCP 14h
[root@nodei25 ~]# kubectl describe svc np-svc-test
Name: np-svc-test
Namespace: default
Labels: run=load-balancer-test
Annotations: <none>
Selector: run=load-balancer-test
Type: NodePort
IP: 10.105.223.229
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 30099/TCP
Endpoints: 10.47.255.250:80,10.47.255.251:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
[root@nodei25 ~]# kubectl get ep
NAME ENDPOINTS AGE
kubernetes 10.204.217.137:6443 19h
np-svc-test 10.47.255.250:80,10.47.255.251:80 14h
[root@nodei25 ~]#
on the node
=================
[root@nodei26 ~]#
[root@nodei26 ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
[root@nodei26 ~]#
[root@nodei26 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:30099 <<<<<<<<<
KUBE-FIREWALL all -- anywhere anywhere
KUBE-SERVICES all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
target prot opt source destination
KUBE-FORWARD all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:30099<<<<<<<<<<<
ACCEPT tcp -- anywhere anywhere
KUBE-FIREWALL all -- anywhere anywhere
KUBE-SERVICES all -- anywhere anywhere
Chain DOCKER (0 references)
target prot opt source destination
Chain DOCKER-ISOLATION (0 references)
target prot opt source destination
Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain KUBE-FORWARD (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain KUBE-SERVICES (2 references)
target prot opt source destination
[root@nodei26 ~]#
[root@nodei26 ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
[root@nodei26 ~]#
[root@nodei26 ~]# contrail-status
Pod Service Original Name State Status
vrouter agent contrail-vrouter-agent running Up 19 hours
vrouter nodemgr contrail-nodemgr running Up 19 hours
vrouter kernel module is PRESENT
== Contrail vrouter ==
nodemgr: active
agent: active |
Explicit firewalls need to be created to allow the traffic on the NodePort on the node, to access the service from outside using the NodePort service.
Either this needs to be taken care of as part of the provisioning or while creating the NodePort type Service.
Currently the FORWARD rule is set to DROP.
==============================
Build: 5.1.0-184
Deployment: Ansible_deployer
HOST OS: CENTOS7.5
=============================
Topology
=========
[root@nodei25 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
nodei25 NotReady master 19h v1.9.2
nodei26 Ready <none> 19h v1.9.2
[root@nodei25 ~]#
[root@nodei25 ~]#
[root@nodei25 ~]#
[root@nodei25 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 19h
np-svc-test NodePort 10.105.223.229 <none> 80:30099/TCP 14h
[root@nodei25 ~]# kubectl describe svc np-svc-test
Name: np-svc-test
Namespace: default
Labels: run=load-balancer-test
Annotations: <none>
Selector: run=load-balancer-test
Type: NodePort
IP: 10.105.223.229
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 30099/TCP
Endpoints: 10.47.255.250:80,10.47.255.251:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
[root@nodei25 ~]# kubectl get ep
NAME ENDPOINTS AGE
kubernetes 10.204.217.137:6443 19h
np-svc-test 10.47.255.250:80,10.47.255.251:80 14h
[root@nodei25 ~]#
on the node
=================
[root@nodei26 ~]#
[root@nodei26 ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
[root@nodei26 ~]#
[root@nodei26 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:30099 <<<<<<<<<
KUBE-FIREWALL all -- anywhere anywhere
KUBE-SERVICES all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<by default it was DROP
target prot opt source destination
KUBE-FORWARD all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:30099<<<<<<<<<<<
ACCEPT tcp -- anywhere anywhere
KUBE-FIREWALL all -- anywhere anywhere
KUBE-SERVICES all -- anywhere anywhere
Chain DOCKER (0 references)
target prot opt source destination
Chain DOCKER-ISOLATION (0 references)
target prot opt source destination
Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain KUBE-FORWARD (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain KUBE-SERVICES (2 references)
target prot opt source destination
[root@nodei26 ~]#
[root@nodei26 ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
[root@nodei26 ~]#
[root@nodei26 ~]# contrail-status
Pod Service Original Name State Status
vrouter agent contrail-vrouter-agent running Up 19 hours
vrouter nodemgr contrail-nodemgr running Up 19 hours
vrouter kernel module is PRESENT
== Contrail vrouter ==
nodemgr: active
agent: active |
|
2018-07-13 04:50:13 |
Venkatesh Velpula |
juniperopenstack/r5.0: importance |
Undecided |
High |
|
2018-07-13 17:00:50 |
Dinesh Bakiaraj |
juniperopenstack/r5.0: assignee |
|
Dinesh Bakiaraj (dineshb) |
|
2018-07-13 17:00:54 |
Dinesh Bakiaraj |
juniperopenstack: assignee |
Sachchidanand Vaidya (vaidyasd) |
Dinesh Bakiaraj (dineshb) |
|
2018-07-17 07:53:13 |
Jeba Paulaiyan |
nominated for series |
|
juniperopenstack/trunk |
|
2018-07-17 07:53:13 |
Jeba Paulaiyan |
bug task added |
|
juniperopenstack/trunk |
|
2018-07-23 13:38:52 |
Venkatesh Velpula |
tags |
ansible blocker contrail-kube-manager |
ansible contrail-kube-manager sanityblocker |
|
2018-07-25 22:26:45 |
Dinesh Bakiaraj |
juniperopenstack/r5.0: assignee |
Dinesh Bakiaraj (dineshb) |
Ramprakash R (ramprakash) |
|
2018-07-25 22:27:01 |
Dinesh Bakiaraj |
juniperopenstack/trunk: assignee |
Dinesh Bakiaraj (dineshb) |
Ramprakash R (ramprakash) |
|
2018-08-01 15:37:52 |
Evgeny Kuznetsov |
bug |
|
|
added subscriber Evgeny Kuznetsov |
2018-08-02 18:45:34 |
OpenContrail Admin |
juniperopenstack/trunk: status |
New |
In Progress |
|
2018-08-02 18:57:17 |
OpenContrail Admin |
juniperopenstack/r5.0: status |
New |
In Progress |
|
2018-08-02 22:40:06 |
OpenContrail Admin |
juniperopenstack/trunk: status |
In Progress |
Fix Committed |
|
2018-08-03 20:54:35 |
OpenContrail Admin |
juniperopenstack/r5.0: status |
In Progress |
Fix Committed |
|
2018-08-07 13:04:25 |
Venkatesh Velpula |
juniperopenstack/r5.0: status |
Fix Committed |
Fix Released |
|
2018-08-07 13:04:27 |
Venkatesh Velpula |
juniperopenstack/trunk: status |
Fix Committed |
Fix Released |
|