kops icon indicating copy to clipboard operation
kops copied to clipboard

Published 20 hours ago verified publisher icon kubernetes

Classic LB is created with irrelevant AZs

Open aberenshtein opened this issue 2 years ago • 4 comments

/kind bug

1. What kops version are you running? The command kops version, will display this information. 1.22.0 2. What Kubernetes version are you running? kubectl version will print the version if a cluster is running or provide the Kubernetes version specified as 1.22.3 a kops flag.

3. What cloud provider are you using? aws

4. What commands did you run? What is the simplest way to reproduce this issue? create LB service type Add the "service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled": "true" annotation

5. What happened after the commands were executed? A classic LB was created with 3 AZs. Only one of the subnets is relevant (master and worker nodes run on a single AZ)

Screen Shot 2022-05-29 at 14 33 14

When you run dig to resolve the IPs, the application would something get the IP of the irrelevant subnet and could pass traffic to the pods.

6. What did you expect to happen? Only one AZ should be set

9. Anything else do we need to know? This is a staging cluster, so to save money: Master nodes are configured to run on a single AZ Worker nodes are configured to run on a single AZ

Didn't happen on every LB

aberenshtein avatar May 29 '22 11:05 aberenshtein

It's not the kOps components that creates load balancers from service objects, but the cloud controller manager. In 1.22, that is a part of kubernetes itself. As of kOps 1.24, it is this project: https://github.com/kubernetes/cloud-provider-aws

/remove-kind bug /kind support

olemarkus avatar May 29 '22 12:05 olemarkus

Thanks

aberenshtein avatar May 29 '22 13:05 aberenshtein

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Aug 27 '22 14:08 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Sep 26 '22 14:09 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-triage-robot avatar Oct 26 '22 14:10 k8s-triage-robot

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Oct 26 '22 14:10 k8s-ci-robot