k8s NodePort allocation of port 30001 lets vim service crash
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
M Camp |
Bug Description
Using k8s on top of StarlingX we did allocate a NodePort service to use port 30001.
Everything worked right a couple of days.
Then we did lock and unlock the host for configuration management. Cluster became instable.
After a troubleshooting session we found that vim service is using port 30001.
Also it looks like port 30004 is allocated by vim
nfv-vim 183011 root 29u IPv4 345017 0t0 TCP 127.0.0.1:30001 (LISTEN)
nfv-vim 183011 root 30u IPv4 345018 0t0 TCP 192.168.204.1:30004 (LISTEN)
The problem is that k8s by default can allocate these ports to NodePort service.
Steps to reproduce
------------------
Create a k8s service with speicfic NodePort=300001
Lock and unlock a host.
Fix proposal
------------
Restrict k8s service node port ranges to exclude those (and maybe other?) ports needed by StarlingX
http://
we use duplex setup and 19.12 version, BUILD_ID= "r/stx. 3.0"