kube-static-egress-ip icon indicating copy to clipboard operation
kube-static-egress-ip copied to clipboard

Published 20 hours ago verified publisher icon nirmata

Fails to SNAT to the given static EIP (AWS)

Open iKarthik opened this issue 3 years ago • 0 comments

I have a simple one node EKS cluster, where i have deployed kube-static-egress to SNAT traffic from pods within the cluster to an EIP that i had generated. My CRD looks like this

apiVersion: staticegressips.nirmata.io/v1alpha1
kind: StaticEgressIP
metadata:
  name: test
spec:
  rules:
  - egressip: <EIP that i generated in the same subnet as the node>
    service-name: http-svc <My service which is fronting the pod>

With this setup, am unable to egress with the ip provided. In the static-egressip-controller logs, i can see that SNAT failed with the following error

E1014 14:09:56.802847       1 controller.go:373] Failed to add egress IP 192.168.10.139 for the staticegressip shared-nat-customer1/test on the gateway due to failed to find interface
I1014 14:09:56.802861       1 controller.go:216] Successfully synced 'shared-nat-customer1/test'
I1014 14:10:26.761241       1 controller.go:396] Updating StaticEgressIP: shared-nat-customer1/test
I1014 14:10:26.766465       1 controller.go:250] Processing update to StaticEgressIP: shared-nat-customer1/test
I1014 14:10:26.804443       1 gateway.go:87] Created ipset name: EGRESS-IP-3V5VGT4JGNTLSRYL
I1014 14:10:26.805732       1 gateway.go:96] Added ips [192.168.10.144 192.168.11.236] to the ipset name: EGRESS-IP-3V5VGT4JGNTLSRYL
E1014 14:10:26.806772       1 controller.go:369] Failed to setup rules to send egress traffic on gateway%!(EXTRA string=Failed to verify rule exists in STATIC-EGRESS-FORWARD-CHAIN chain of filter tablerunning [/sbin/iptables -t filter -C STATIC-EGRESS-FORWARD-CHAIN -m set --set EGRESS-IP-3V5VGT4JGNTLSRYL src -d  -j ACCEPT --wait]: exit status 2: --set option deprecated, please use --match-set
iptables v1.6.2: host/network `' not found
Try `iptables -h' or 'iptables --help' for more information.
)
E1014 14:10:26.807080       1 controller.go:373] Failed to add egress IP <EIP> for the staticegressip shared-nat-customer1/test on the gateway due to failed to find interface

What am i missing here?

My EKS K8s version: 1.20

iKarthik avatar Oct 14 '21 14:10 iKarthik