kOVHernetes

kubelet and etcd occasionally listen on the instance's public IP

Open antoineco opened this issue 5 years ago • 0 comments

Occasionally, coreos-metadata sets the value of COREOS_OPENSTACK_IPV4_LOCAL to the instance's public IP, probably due to a race.

This breaks commands like kubectl logs or kubectl exec (respectively the containerLogs and exec APIs) and exposes both kubelet and etcd publicly.

```
# /run/metadata/coreos
COREOS_OPENSTACK_INSTANCE_ID=i-00123456
COREOS_OPENSTACK_HOSTNAME=kovhtestnode01
COREOS_OPENSTACK_IPV4_LOCAL=203.0.113.1
COREOS_OPENSTACK_IPV4_PUBLIC=
```

```
$ sudo ss -tlpn
...
LISTEN     0      128       203.0.113.1:10250   *:*   users:(("kubelet",pid=819,fd=19))
LISTEN     0      128       127.0.0.1:2379      *:*   users:(("etcd",pid=877,fd=8))
LISTEN     0      128       203.0.113.1:2379    *:*   users:(("etcd",pid=877,fd=7))
```

Temporary fix: reboot the nodes.

antoineco, Sep 07 '18 13:09
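A node-side check for the condition reported above, added here as an example (not code from the issue or from the kOVHernetes project): it reads the metadata file format and the `ss -tlpn` output shown in the issue and flags kubelet or etcd listeners bound outside the internal network. It assumes the private network uses RFC 1918 addressing; the function names and the embedded sample input are constructed for illustration.

```python
import ipaddress
import re

# Assumption: the private network is RFC 1918. The ranges are listed explicitly
# because ip.is_private is also True for documentation ranges such as
# 203.0.113.0/24, which the sample below uses as the "public" address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LISTEN_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')

def is_internal(addr):
    """True for loopback or RFC 1918; wildcards and unparseable values are not."""
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return False
    return ip.is_loopback or any(ip in net for net in RFC1918)

def parse_metadata(text):
    """KEY=VALUE pairs from /run/metadata/coreos, ignoring comment lines."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k: v.strip() for k, v in pairs}

def exposed_listeners(ss_output, watched=("kubelet", "etcd")):
    """(process, address, port) for watched listeners on non-internal addresses."""
    hits = []
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line.strip())
        if m and m.group(3) in watched and not is_internal(m.group(1)):
            hits.append((m.group(3), m.group(1), int(m.group(2))))
    return hits

# Constructed sample input, reusing the values shown in the issue.
METADATA = """# /run/metadata/coreos
COREOS_OPENSTACK_IPV4_LOCAL=203.0.113.1
COREOS_OPENSTACK_IPV4_PUBLIC=
"""
SS = """LISTEN     0      128       203.0.113.1:10250   *:*   users:(("kubelet",pid=819,fd=19))
LISTEN     0      128       127.0.0.1:2379      *:*   users:(("etcd",pid=877,fd=8))
LISTEN     0      128       203.0.113.1:2379    *:*   users:(("etcd",pid=877,fd=7))
"""

if __name__ == "__main__":
    local = parse_metadata(METADATA).get("COREOS_OPENSTACK_IPV4_LOCAL", "")
    if not is_internal(local):
        print(f"IPV4_LOCAL={local!r} is not an RFC 1918 address")
    for proc, addr, port in exposed_listeners(SS):
        print(f"{proc} listening on {addr}:{port}")
```

Run at boot or from monitoring, the same two checks catch the bad metadata value before or after the services have bound to it.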