kuryr-kubernetes

LB can not access k8s api server in devstack

Bug #1777812 reported by Lv Jiawei
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kuryr-kubernetes
Fix Released
Undecided
Lv Jiawei

Bug Description

After devstack install complete. It creates a k8s serivce with 443 port using haproxy LB.
Kuryr would create a port named kubelet-kuryr-devstack in k8s-pod-net for k8s api server. It also create a interface named kubelet00d710d both in ovs and host.
I find that haproxy LB can not access k8s api server through the kubelet-kuryr-devstack port.
The reason is that the default security-group for that port didn't have a rule which pass related ingress packets for ipv4.
Therefore, can we create a particular security-group for kubelet-kuryr-devstack port? The security-group will pass all packets from ingress and egress.

See original description
Lv Jiawei (zhangoic)
description: updated
Lv Jiawei (zhangoic)
Changed in kuryr-kubernetes:
status: New → Invalid
Lv Jiawei (zhangoic)
Changed in kuryr-kubernetes:
status: Invalid → New
status: New → Invalid
summary: - Pod can not access k8s api server in devstack
+ LB can not access k8s api server in devstack
Lv Jiawei (zhangoic)
description: updated
Changed in kuryr-kubernetes:
status: Invalid → New
description: updated
description: updated
description: updated
Changed in kuryr-kubernetes:
assignee: nobody → Lv Jiawei (zhangoic)
Lv Jiawei (zhangoic)
description: updated
description: updated
Revision history for this message
Michal Dulko (michal-dulko-f) wrote :

Isn't that fixed in https://review.openstack.org/#/c/580198/ ? If that's not the case please reopen the bug.

Changed in kuryr-kubernetes:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.