Azure / ACS

Azure Container Service - Bug Tracker + Announcements

ACS with custom VNet: Kubernetes Dashboard and Node Port Service Type is not working as expected #90

Open vikaskulwal opened 7 years ago

vikaskulwal commented 7 years ago

Is this a request for help?: No, we have the solution/workaround. We just want you to fix it.

Is this a BUG REPORT or FEATURE REQUEST? (choose one): BUG REPORT

Orchestrator and version (e.g. Kubernetes, DC/OS, Swarm): Kubernetes

What happened: 1) Unable to launch the Kubernetes Dashboard. 2) The "Node Port" type of service is not working as expected. It is accessible using the IP of only the agent node on which its pod is currently running. It should be accessible using the IP of any agent node and the port assigned to it.

What you expected to happen:

  1. Kubernetes Dashboard should work properly
  2. Node Port type service should work properly

How to reproduce it (as minimally and precisely as possible):

  1. Create an ACS cluster in a custom VNet/Subnet
  2. Try to launch the Kubernetes dashboard using the command kubectl proxy
  3. Deploy a Node Port type service and try to access it with every agent node IP and the assigned node port.

Anything else we need to know: Both of the above issues are due to no route table association to the specified subnet of agent and master. Solution/Workaround: We manually attach the route (created by ACS in its resource group) to the specified custom subnet and delete (restart) all the pods of the "kube-system" namespace.

Note: We are instantiating it using ARM template or AZ CLI in westcentralus, westus2, or centralindia regions.

JackQuincy commented 7 years ago

Did you attach the created Route Table to all the subnets in the VNET like this asks? https://github.com/Azure/ACS/tree/master/docs/VNET That is required for the node to node communication like NodePort services to work.

vikaskulwal commented 7 years ago

Yes, I have attached it to all subnets. We are attaching the route tables manually and then everything runs smoothly after restarting all pods of the 'kube-system' namespace. I believe it's an issue and it should be done automatically during ACS instantiation itself. Please correct me if I am wrong.

JackQuincy commented 7 years ago

Well, our public documentation for Bring Your Own Vnet says you have to hook up the route table yourself. We could try to do the attaching ourselves. I'm guessing it is a concern about what happens if the subnets already have a route table associated with them. @sauryadas @anhowe Do you know why we don't attach the route table to the subnets ourselves? Needing to restart the pods is concerning to me though. When we do this in our automation we don't have to do that. Does it not work unless you restart the pods? In my experience it is just a timing thing. You have to wait a minute.
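
The route table requirement discussed in this thread, and the concern about subnets that already carry a different route table, can be checked before deploying workloads. The following is an added example, not part of the thread or of the ACS project: it classifies subnets from JSON shaped like the output of `az network vnet subnet list -o json`. The sample data, subnet names, resource IDs and the `classify_subnets` helper are all constructed for illustration.

```python
import json

# Constructed sample shaped like `az network vnet subnet list -o json` output.
# Every name and resource ID here is a placeholder, not taken from the thread.
SAMPLE_SUBNETS = json.loads("""
[
  {"name": "k8s-master",
   "routeTable": {"id": "/subscriptions/0000/resourceGroups/acs-rg/providers/Microsoft.Network/routeTables/k8s-routetable"}},
  {"name": "k8s-agent", "routeTable": null},
  {"name": "legacy-apps",
   "routeTable": {"id": "/subscriptions/0000/resourceGroups/net-rg/providers/Microsoft.Network/routeTables/corp-udr"}},
  {"name": "k8s-agent-2",
   "routeTable": {"id": "/SUBSCRIPTIONS/0000/resourcegroups/ACS-RG/providers/microsoft.network/routetables/K8S-ROUTETABLE"}}
]
""")

# Placeholder ID of the route table that ACS created in its resource group.
EXPECTED_ROUTE_TABLE_ID = (
    "/subscriptions/0000/resourceGroups/acs-rg/providers/"
    "Microsoft.Network/routeTables/k8s-routetable"
)


def classify_subnets(subnets, expected_id):
    """Sort subnets into attached / missing / conflict against expected_id.

    'missing' subnets have no route table (the state reported in the issue);
    'conflict' subnets already use another table, so attaching the ACS one
    would replace existing routes and needs a manual decision.
    """
    # Azure resource IDs are case-insensitive, so compare them lowercased.
    expected = expected_id.strip().lower()
    report = {"attached": [], "missing": [], "conflict": []}
    for subnet in subnets:
        table = subnet.get("routeTable") or {}
        current = (table.get("id") or "").strip().lower()
        if not current:
            report["missing"].append(subnet["name"])
        elif current == expected:
            report["attached"].append(subnet["name"])
        else:
            report["conflict"].append((subnet["name"], table["id"]))
    return report


if __name__ == "__main__":
    for state, entries in classify_subnets(SAMPLE_SUBNETS, EXPECTED_ROUTE_TABLE_ID).items():
        print(f"{state}: {entries}")
```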