Using --iface does not change the vxlan listen address
Your Environment
- Flannel version: the latest
- Backend used (e.g. vxlan or udp): vxlan
- Etcd version: not relevant (the etcd included with kubernetes 1.30.6)
- Kubernetes version (if used): kubernetes 1.30.6
- Operating System and version: ubuntu 24.04
Context
I'm on a single-node Kubernetes server based on k3s (I've disabled the integrated flannel to use the latest version from this repository, because the integrated version has the same problem).
I'm trying to force the vxlan UDP listener onto a specific interface (not the public one), to avoid exposing the vxlan endpoint on my public interface.
My server has only one interface, with a public IP. First I tried to use loopback, but many parts of Kubernetes do not want to start correctly...
To avoid that, I created a dummy interface named kubelet0 with the private IP 192.168.0.1.
With that dummy interface I can force all parts of Kubernetes to listen on that IP (all work fine), but not the vxlan part of flannel...
# netstat -lnput | grep 8472
udp 0 0 0.0.0.0:8472 0.0.0.0:* -
I've tried to force the interface with --iface, but flanneld continues to listen on any interface (0.0.0.0).
Current Behavior and Steps to Reproduce (for bugs)
I've added --iface <myifacename> to /opt/bin/flanneld.
I see in the pod log that flanneld uses the correct IP of my iface (a dummy interface kubelet0 configured with the IP 192.168.0.1) but continues to listen on any address (0.0.0.0):
kube-flannel I1118 12:27:43.378063 1 match.go:264] Using interface with name kubelet0 and address 192.168.0.1
kube-flannel I1118 12:27:43.378100 1 match.go:286] Defaulting external address to interface address (192.168.0.1)
Expected Behavior
vxlan listens on the 192.168.0.1 interface, like this:
# netstat -lnput | grep 8472
udp 0 0 192.168.0.1:8472 0.0.0.0:* -
kubectl get node -o yaml | grep public-
# kubectl get node -o yaml | grep public-
flannel.alpha.coreos.com/public-ip: <my public ip>
https://github.com/k3s-io/k3s/issues/4626
Is there any option to secure flannel by default?
Additional information: the interface configured with the IP 192.168.0.1 is a Linux dummy interface.
I created this interface because the rest of k3s/kubernetes refuses to use the loopback interface for configuring a private network (I have only a public network on my machine, and a single node).
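A check for the condition reported in this issue, as an added example that is not part of the issue or of flannel's code: it reads netstat -lnu style output and prints every UDP socket on port 8472 that is bound to a wildcard address. The function name and the sample lines other than the 0.0.0.0:8472 one are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: detect a VXLAN UDP listener bound to a wildcard address.
# Input: lines in `netstat -lnu` layout
#   Proto Recv-Q Send-Q Local-Address Foreign-Address [State] [PID/Program]

VXLAN_PORT=8472   # port shown in the issue's netstat output

# wildcard_udp_listeners PORT  (hypothetical helper name)
# Reads netstat-style lines on stdin and prints the local address of every
# UDP/UDP6 socket on PORT whose host part is 0.0.0.0 or :: (all interfaces).
# Exit status: 0 if at least one wildcard listener was found, 1 otherwise.
wildcard_udp_listeners() {
    awk -v port="$1" '
        $1 ~ /^udp/ {
            local_addr = $4
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next           # different port, ignore
            # host = everything before the final ":port"
            host = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "::" || host == "[::]") {
                print local_addr
                found = 1
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample input: first socket line matches the issue's output,
# the other two lines are made up to exercise the parser.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp        0      0 0.0.0.0:8472            0.0.0.0:*                           -
udp        0      0 127.0.0.53:53           0.0.0.0:*                           812/systemd-resolve
udp6       0      0 :::8472                 :::*                                -'

# The "expected behavior" line from the issue: bound to the dummy interface only.
SAMPLE_BOUND='udp 0 0 192.168.0.1:8472 0.0.0.0:* -'

if hits=$(printf '%s\n' "$SAMPLE_NETSTAT" | wildcard_udp_listeners "$VXLAN_PORT"); then
    printf 'wildcard VXLAN listener(s) found:\n%s\n' "$hits"
else
    printf 'no wildcard listener on UDP %s\n' "$VXLAN_PORT"
fi

# On a live node the same function can be fed real output:
#   netstat -lnu | wildcard_udp_listeners 8472
```
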
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.