kube-static-egress-ip
kube-static-egress-ip copied to clipboard
nirmata
Failed to add egress IP due to failed to find interface
Hi,
I follow this installation : https://github.com/nirmata/kube-static-egress-ip#installation and I get this error after apply my deployment (given at the end of this post).
I deploy only one static-egressip-controller pod (by nodeSelector selection) on node with 10.205.14.166 IP.
Here is the error :
I0219 16:55:17.086137 1 controller.go:233] Processing update to StaticEgressIP: default/egressip
I0219 16:55:17.092408 1 gateway.go:86] Created ipset name: EGRESS-IP-2XT2FC5FTMR7KU3B
I0219 16:55:17.095040 1 gateway.go:95] Added ips [10.233.71.11] to the ipset name: EGRESS-IP-2XT2FC5FTMR7KU3B
I0219 16:55:17.097205 1 gateway.go:108] Added rules in filter table FORWARD chain to permit traffic
E0219 16:55:17.099137 1 controller.go:314] Failed to add egress IP 10.205.14.166 for the staticegressip default/egressip on the gateway due to failed to find interface
I0219 16:55:17.099162 1 controller.go:199] Successfully synced 'default/egressip'
Can anyone help me ? Am I missing something?
Thanks!!!
My deploment :
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: busybox
name: busybox
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: busybox
template:
metadata:
labels:
app: busybox
spec:
nodeSelector:
egress-busybox: "true"
containers:
- name: busybox
image: busybox:latest
args:
- /bin/sh
- -c
- while (true); do date; wget <third_app_ip>; sleep 1; done;
---
apiVersion: v1
kind: Service
metadata:
name: busybox
namespace: default
spec:
ports:
- name: web
port: 80
protocol: TCP
targetPort: 80
selector:
app: busybox
---
apiVersion: staticegressips.nirmata.io/v1alpha1
kind: StaticEgressIP
metadata:
name: egressip
namespace: default
spec:
rules:
- egressip: 10.205.14.166
service-name: busybox
cidr: <third_app_ip>/32
I have the same issue. Have you managed to find the solution for it yet @WeAreHadock ?
Unfortunately not. We are currently trying to use Calico features instead, as described here: https://www.projectcalico.org/calico-ipam-explained-and-enhanced/
Thank you for suggestion. Very appreciate. Does this approach work on your side? @WeAreHadock
We manage to create a pool and use it for a busybox, with natOutgoing: false , but this busybox can't reach an external nginx (it works with default ippool with NAT) Dunno yet where the problem come from (ippool configuration, cidr choosen...), we're currently doing some test. But give a look if you already use Calico, the MvP described in the article is quite simple.
Hi @murali-reddy, it would be nice if you can take a look on this issue, i am very close to make it work. Thank you
@tung-huynh @WeAreHadock
Please see https://github.com/nirmata/kube-static-egress-ip/issues/38
I ran into some issues making current implemented solution work across CNI. So at the moment taking differnt approach to find a solution that work across the CNI's and subnets (in case of direct routing).
Does not work as well for me, it fails with same message. When I log some stuff, I can find that I got:
Route {
Ifindex: 1
Dst: 51.xxx.xxx.160/32
Src: 51.xxx.xxx.160
Gw: <nil>
Flags: []
Table: 254
}
However here are the ifaces:
{1 65536 lo up|loopback}
{2 1500 ens3 dd:ff:aa:bb:cc:99 up|broadcast|multicast}
The address 51.xxx.xxx.160 being on ens3, which is index 2 in my case.
In the gateway code there is the following condition that prevent the interface to be detected in my case: if iface.Index == routeIndex
(Btw, I'm on a managed cluster)
