Include all APIserver addresses for nodeup config #16813

Merged: 3 commits, Sep 7, 2024

rifelpet (Member) commented Sep 6, 2024

With this plus #16812 I'm able to get an ipv6 dns=none cluster to pass validation.

Before, we were only including ipv4 addresses because those are the only CIDRs included in the cluster spec - ipv6 CIDRs are provided by AWS. This resulted in nodes failing to bootstrap because they couldn't reach the kops-controller endpoint:

Sep 06 01:23:11 i-0250853b64092f19d nodeup[1323]: W0906 01:23:11.157536 1323 main.go:133] got error running nodeup (will retry in 30s): failed to get node config from server: Post "https://172.20.5.248:3988/bootstrap": dial tcp 172.20.5.248:3988: connect: network is unreachable

Even though the ipv6 address and load balancer DNS name both work:

$ curl -6 -k  'https://[2600:1f14:1800:ab02:ba1a:4b60:b424:d3f3]:3988/bootstrap'
failed to verify token

$ curl -k https://api-peter-ipv6-k8s--k283sk-ef9b199ef8b93ba4.elb.us-west-2.amazonaws.com:3988/bootstrap
failed to verify token

With this change, the nodeup config userdata changes as such:

Will modify resources:
  LaunchTemplate/control-plane-us-west-2a.masters.peter-rifel-ipv6.k8s.local
  	UserData
  	                    	...
  	                    	  APIServerIPs:
  	                    	  - 172.20.5.248
  	                    	+ - 2600:1f14:1800:ab02:ba1a:4b60:b424:d3f3
  	                    	+ - api-peter-ipv6-k8s--k283sk-ef9b199ef8b93ba4.elb.us-west-2.amazonaws.com
  	                    	  CloudProvider: aws
  	                    	  ClusterName: peter-ipv6.k8s.local
  	                    	...
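
Review bot: The second added APIServerIPs entry is the load balancer DNS name rather than an IP address, so the field name no longer describes its contents and a consumer that parses each entry as an IP would reject it. Either keep hostnames out of this list or carry them in a separately named field.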


  LaunchTemplate/nodes-us-west-2a.peter-rifel-ipv6.k8s.local
  	UserData
  	                    	...
  	                    	  APIServerIPs:
  	                    	  - 172.20.5.248
  	                    	+ - 2600:1f14:1800:ab02:ba1a:4b60:b424:d3f3
  	                    	+ - api-peter-ipv6-k8s--k283sk-ef9b199ef8b93ba4.elb.us-west-2.amazonaws.com
  	                    	  CloudProvider: aws
  	                    	  ClusterName: peter-ipv6.k8s.local
  	                    	...
  	                    	    servers:
  	                    	    - https://172.20.5.248:3988/
  	                    	+   - https://[2600:1f14:1800:ab02:ba1a:4b60:b424:d3f3]:3988/
  	                    	+   - https://api-peter-ipv6-k8s--k283sk-ef9b199ef8b93ba4.elb.us-west-2.amazonaws.com:3988/
  	                    	  InstanceGroupName: nodes-us-west-2a
  	                    	  InstanceGroupRole: Node
  	                    	...
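
Review bot: In the servers list, the two added https URLs address the config server by IPv6 literal and by ELB hostname, while the curl checks earlier in this description used -k, so certificate verification against those names was not exercised. Worth confirming how nodeup verifies the server certificate for each form, and whether keeping https://172.20.5.248:3988/ first means IPv6-only nodes attempt the address the log shows as unreachable before trying a working one.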


Must specify --yes to apply changes

Marking this as draft because it's possible we could find a better approach, and because this may break other cluster configurations.

k8s-ci-robot (Contributor) commented

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

k8s-ci-robot added the do-not-merge/work-in-progress, cncf-cla: yes and size/S labels Sep 6, 2024
k8s-ci-robot added the area/provider/aws label Sep 6, 2024
rifelpet added the kind/office-hours label and removed the size/S and area/provider/aws labels Sep 6, 2024

rifelpet (Member Author) commented Sep 6, 2024

From office hours: I will add back the filtering logic but always include any ipv6 addresses. It will still exclude the DNS names though.
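
The filtering rule described in the comment above (keep in-cluster IPv4, always keep IPv6, exclude DNS names), as an added Go example that is not part of this thread and is not the kops code. The function names, the 172.20.0.0/16 cluster CIDR and the 10.9.9.9 address are assumptions; the other values come from the PR description.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
)

// filterAPIServerAddrs (hypothetical, not kops code) keeps in-cluster IPv4 and all IPv6, drops non-IPs.
func filterAPIServerAddrs(candidates, clusterCIDRs []string) (kept []string, err error) {
	var prefixes []netip.Prefix
	for _, c := range clusterCIDRs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, fmt.Errorf("bad cluster CIDR %q: %w", c, err)
		}
		prefixes = append(prefixes, p)
	}
	for _, c := range candidates {
		addr, err := netip.ParseAddr(c)
		if err != nil {
			continue // not an IP literal, e.g. a load balancer DNS name
		}
		addr = addr.Unmap() // treat ::ffff:a.b.c.d as IPv4
		keep := addr.Is6()  // IPv6 CIDRs come from the provider, so always keep
		for _, p := range prefixes {
			keep = keep || p.Contains(addr)
		}
		if keep {
			kept = append(kept, addr.String())
		}
	}
	return kept, nil
}

// bootstrapURLs builds one URL per address; JoinHostPort adds the IPv6 brackets.
func bootstrapURLs(addrs []string, port string) []string {
	var urls []string
	for _, a := range addrs {
		urls = append(urls, "https://"+net.JoinHostPort(a, port)+"/")
	}
	return urls
}

func main() {
	// Constructed input: the CIDR and 10.9.9.9 are assumptions; the other values are from the PR.
	in := []string{"172.20.5.248", "10.9.9.9", "2600:1f14:1800:ab02:ba1a:4b60:b424:d3f3", "api-peter-ipv6-k8s--k283sk-ef9b199ef8b93ba4.elb.us-west-2.amazonaws.com"}
	addrs, err := filterAPIServerAddrs(in, []string{"172.20.0.0/16"})
	fmt.Println(bootstrapURLs(addrs, "3988"), err)
}
```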

rifelpet force-pushed the ipv6-kops-controller branch from b1861b8 to f63508a September 6, 2024 20:52
k8s-ci-robot added the area/provider/aws and size/S labels Sep 6, 2024
rifelpet force-pushed the ipv6-kops-controller branch from f63508a to 6261b0f September 6, 2024 20:53
rifelpet marked this pull request as ready for review September 6, 2024 21:03
k8s-ci-robot removed the do-not-merge/work-in-progress label Sep 6, 2024

rifelpet (Member Author) commented Sep 6, 2024

/test pull-kops-e2e-cni-cilium-ipv6

rifelpet (Member Author) commented Sep 6, 2024

the cluster validated and e2e tests started, but the prow job pod was interrupted

/test pull-kops-e2e-cni-cilium-ipv6

rifelpet (Member Author) commented Sep 6, 2024

tests pass too 🎉
/cc @hakman

rifelpet (Member Author) commented Sep 6, 2024

It looks like this is only needed for dns=none clusters. Normal DNS clusters are already passing with my IMDS and controller-runtime changes: https://testgrid.k8s.io/kops-ipv6#kops-aws-cni-calico-ipv6-flatcar

k8s-ci-robot added the lgtm label Sep 7, 2024

k8s-ci-robot (Contributor) commented

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hakman

k8s-ci-robot added the approved label Sep 7, 2024

hakman (Member) commented Sep 7, 2024

Awesome work!

k8s-ci-robot merged commit eac588a into kubernetes:master Sep 7, 2024
24 checks passed
k8s-ci-robot added this to the v1.31 milestone Sep 7, 2024