Kubeadm init/join support setting kubelet KubeConfig serverURL to local APIEndpoint #2996

Closed
chenk008 opened this issue Jan 15, 2024 · 9 comments
Labels
area/kubelet priority/awaiting-more-evidence Lowest priority. Possibly useful, but not yet enough support to actually get it done.

@chenk008

chenk008 commented Jan 15, 2024

What would you like to be added?

Kubeadm will create the kubelet KubeConfig file when running init/join on a control-plane node. The serverURL is the control-plane-endpoint load balancer address by default.

Add a flag to change the kubelet KubeConfig serverURL to the local APIEndpoint instead of the controlPlane load balancer address.

Why is this needed?

With some load balancers, the node cannot connect to itself across the load balancer, so kubeadm init will fail. With the kubelet KubeConfig serverURL set to the local APIEndpoint, kubeadm init will succeed.

@chenk008 chenk008 added the kind/feature Categorizes issue or PR as related to a new feature. label Jan 15, 2024
@k8s-ci-robot k8s-ci-robot added needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 15, 2024
@k8s-ci-robot
Contributor

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@chenk008 chenk008 changed the title Kubeadm control-plane support kubelet Kubeadm init/join support setting kubelet KubeConfig serverURL to local APIEndpoint Jan 15, 2024
@k8s-ci-robot
Contributor

@chenk008: The label(s) sig/kubeadm cannot be applied, because the repository doesn't have them.

In response to this:

/sig kubeadm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@chenk008
Author

/area kubeadm

/sig cluster-lifecycle

@k8s-ci-robot k8s-ci-robot added area/kubeadm sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jan 15, 2024
@neolit123
Member

/transfer kubeadm

@k8s-ci-robot k8s-ci-robot transferred this issue from kubernetes/kubernetes Jan 16, 2024
@neolit123 neolit123 added priority/awaiting-more-evidence Lowest priority. Possibly useful, but not yet enough support to actually get it done. area/kubelet and removed sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. kind/feature Categorizes issue or PR as related to a new feature. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. area/kubeadm labels Jan 16, 2024
@neolit123 neolit123 added this to the v1.30 milestone Jan 16, 2024
@neolit123
Member

> With some load balancers, the node cannot connect to itself across the load balancer, so kubeadm init will fail. With the kubelet KubeConfig serverURL set to the local APIEndpoint, kubeadm init will succeed.

do you mean serverURL in kubelet.conf?
i don't think we want to do that. currently it points to the control plane endpoint which is expected for HA setups.

there is a plan to make the kubelet.conf point to localhost actually:
#2271

cc @chrischdi

@chenk008
Author

chenk008 commented Jan 16, 2024

> > With some load balancers, the node cannot connect to itself across the load balancer, so kubeadm init will fail. With the kubelet KubeConfig serverURL set to the local APIEndpoint, kubeadm init will succeed.
>
> do you mean serverURL in kubelet.conf? i don't think we want to do that. currently it points to the control plane endpoint which is expected for HA setups.

Yes, it is. The node cannot connect to itself across the load balancer (e.g. Alibaba cloud Classic Load Balancer).

I think it is acceptable that the kubelet will fail to register or not be ready if the local apiserver is not ready.

@neolit123
Member

neolit123 commented Jan 16, 2024

> Yes, it is. The node cannot connect to itself across the load balancer (e.g. Alibaba cloud Classic Load Balancer).

is this hairpin mode? the azure LB had a similar problem, more details in #2271, IIRC.
there were some workarounds mentioned somewhere.

> I think it is acceptable that the kubelet will fail to register or not be ready if the local apiserver is not ready.

yes, but this is a complicated problem. if you enable the option you request (connect kubelet.conf to localAPIEndpoint) the node that this kubelet manages will (or may) currently fail to register.

i suggest we close this ticket and continue the discussion in here:

> there is a plan to make the kubelet.conf point to localhost actually:
> #2271

@neolit123
Member

#2996 (comment)
/close

@k8s-ci-robot
Contributor

@neolit123: Closing this issue.

In response to this:

#2996 (comment)
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
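
An audit check for the setting discussed in this thread, as an added example that is not kubeadm's code and not part of the issue: it reads the `server:` values from a kubelet.conf and reports whether each points at the node itself or at a remote endpoint such as a load balancer. The sample file, the hostname `lb.example.internal`, the address `10.0.0.5` and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Constructed sample: cluster stanza of a kubelet.conf (placeholder values).
const sampleKubeletConf = `clusters:
- cluster:
    server: https://lb.example.internal:6443
  name: kubernetes
`

// serverURLs returns every "server:" value found by a plain line scan.
// Assumes block-style YAML with one key per line; no YAML library is used.
func serverURLs(kubeconfig string) []string {
	var out []string
	for _, line := range strings.Split(kubeconfig, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "server:") {
			v := strings.TrimSpace(strings.TrimPrefix(line, "server:"))
			out = append(out, strings.Trim(v, `"'`))
		}
	}
	return out
}

// classify returns "local" when the server host is loopback or the node's own
// API endpoint address (localAddr), and "remote" for anything else.
func classify(server, localAddr string) (string, error) {
	u, err := url.Parse(server)
	if err != nil || u.Hostname() == "" {
		return "", fmt.Errorf("unusable server URL %q", server)
	}
	host := u.Hostname()
	ip := net.ParseIP(host)
	if host == "localhost" || host == localAddr ||
		(ip != nil && (ip.IsLoopback() || ip.Equal(net.ParseIP(localAddr)))) {
		return "local", nil
	}
	return "remote", nil
}

func main() {
	for _, s := range serverURLs(sampleKubeletConf) {
		fmt.Println(classify(s, "10.0.0.5")) // 10.0.0.5: placeholder node address
	}
}
```

A "remote" result on a control-plane node means the kubelet reaches its own API server through the shared endpoint, which is the path that fails when the load balancer cannot hairpin.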
