Bug 1798788 - In IPv6 bare metal deployment kubelet binds on a VIP instead of the local address
Summary: In IPv6 bare metal deployment kubelet binds on a VIP instead of the local add...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Machine Config Operator
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 4.4.0
Assignee: Antoni Segura Puimedon
QA Contact: Victor Voronkov
URL:
Whiteboard:
Depends On:
Blocks: 1797655
TreeView+ depends on / blocked
 
Reported: 2020-02-06 01:27 UTC by Antoni Segura Puimedon
Modified: 2020-05-04 11:34 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-05-04 11:34:08 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-config-operator pull 1444 0 None closed Bug 1798788: Set Kubelet node IP to non-vip 2020-05-03 08:49:29 UTC
Red Hat Product Errata RHBA-2020:0581 0 None None None 2020-05-04 11:34:29 UTC

Description Antoni Segura Puimedon 2020-02-06 01:27:12 UTC 
This bug was initially created as a copy of Bug #1797655

I am copying this bug because: 



Description of problem:
In IPv6 bare metal deployment kubelet binds on a VIP instead of the local address.

[root@master-1 core]# ip a s dev ens4
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:50:be:71 brd ff:ff:ff:ff:ff:ff
    inet6 fd2e:6f44:5dd8:c956::5/128 scope global nodad deprecated noprefixroute 
       valid_lft forever preferred_lft 0sec
    inet6 fd2e:6f44:5dd8:c956::2/128 scope global nodad deprecated noprefixroute 
       valid_lft forever preferred_lft 0sec
    inet6 fd2e:6f44:5dd8:c956::134/128 scope global dynamic noprefixroute 
       valid_lft 3378sec preferred_lft 3378sec
    inet6 fe80::5054:ff:fe50:be71/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

fd2e:6f44:5dd8:c956::5 and fd2e:6f44:5dd8:c956::2 are VIPs while fd2e:6f44:5dd8:c956::134 is the local address.

root      3013  7.3  0.5 3525436 169596 ?      Ssl  Jan31 289:18 /usr/bin/hyperkube kubelet --config=/etc/kubernetes/kubelet.conf --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig --kubeconfig=/var/lib/kubelet/kubeconfig --container-runtime=remote --container-runtime-endpoint=/var/run/crio/crio.sock --node-labels=node-role.kubernetes.io/master,node.openshift.io/os_id=rhcos --node-ip :: --minimum-container-ttl-duration=6m0s --cloud-provider= --volume-plugin-dir=/etc/kubernetes/kubelet-plugins/volume/exec --v=3

kuberenets endpoints include the VIP:
[kni@provisionhost-0 ~]$ oc get endpoints
NAME         ENDPOINTS                       AGE
kubernetes   [fd2e:6f44:5dd8:c956::5]:6443   2d17h


Version-Release number of selected component (if applicable):
4.3.0-0.nightly-2020-01-29-114541-ipv6.1

How reproducible:
100%

Steps to Reproduce:
1. Deploy bare metal env with IPv6 control plane
2. Check kubernetes endpoint

Actual results:
Include VIPs instead of interface local addresses.

Expected results:
Kubelet should bind on the local address.

Additional info:
Comment 2 Victor Voronkov 2020-03-12 19:29:03 UTC 
Verified on 4.4.0-0.ci-2020-03-11-095511

[kni@provisionhost-0 ~]$ oc get endpoints
NAME         ENDPOINTS                                                                                         AGE
kubernetes   [fd2e:6f44:5dd8:c956::112]:6443,[fd2e:6f44:5dd8:c956::11c]:6443,[fd2e:6f44:5dd8:c956::150]:6443   12h
Comment 4 errata-xmlrpc 2020-05-04 11:34:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581
Note You need to log in before you can comment on or make changes to this bug.