cilium / cilium-cli

CLI to install, manage & troubleshoot Kubernetes clusters running Cilium
https://cilium.io
Apache License 2.0

Bug report: When `cilium clustermesh connect`, DNS resolution fails if the NLB of ClusterMesh API Server is in Private Network #1523

Closed kahirokunn closed 1 month ago

kahirokunn commented 1 year ago

Bug report

General Information

How to reproduce the issue

You can check the error by preparing two clusters built with the following values in Helm.

clustermesh:
  apiserver:
    service:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
        service.beta.kubernetes.io/aws-load-balancer-internal: "true"
      type: LoadBalancer
      externalTrafficPolicy: Local

Solution

The Private IPs of CLB and NLB can be obtained by executing the following command.

If you could not get the IP, you can do it for each vendor. For example, in the case of AWS, you can get the private IP without going through DNS by doing the following.

Reference: https://dev.classmethod.jp/articles/check_elb_private_ip/

NLB

NLB_NAME=fugafuga
# Extract the "net/<name>/<id>" suffix of the NLB ARN; it appears in the ENI description.
NLB_ID=$(aws elbv2 describe-load-balancers --names "$NLB_NAME" --query "LoadBalancers[].[LoadBalancerName,LoadBalancerArn]" --output json | jq '.[0][1] | match("^.*/(net/.*)$").captures[0].string' --raw-output)

aws ec2 describe-network-interfaces --filters Name=description,Values="ELB $NLB_ID" --query 'NetworkInterfaces[*].PrivateIpAddresses[*].PrivateIpAddress' --output text

Result

10.0.17.3
10.0.44.4
10.0.5.5

CLB

CLB_NAME=hogehoge
aws ec2 describe-network-interfaces --filters Name=description,Values="ELB $CLB_NAME" --query 'NetworkInterfaces[*].PrivateIpAddresses[*].PrivateIpAddress' --output text

Whether the deployed LB is NLB or CLB is included in the ELB information.
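
The following is an added example, not part of the original issue or of cilium-cli: it post-processes the JSON output of the `describe-network-interfaces` call above, collecting the private IPs for one load balancer and flagging any address that has a public IP attached, which would mean the ClusterMesh API server load balancer is not actually internal. The names `elb_description`, `private_ips` and `SAMPLE`, the load balancer IDs and the public address are assumptions constructed for illustration.

```python
import ipaddress
import json

# Constructed sample of `aws ec2 describe-network-interfaces --output json`.
# Load balancer IDs and the public address are made up; the 10.0.x.x
# addresses of "fugafuga" are the ones shown in the post's Result.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"Description": "ELB net/fugafuga/0123456789abcdef",
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.17.3"}]},
  {"Description": "ELB net/fugafuga/0123456789abcdef",
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.44.4"}]},
  {"Description": "ELB net/fugafuga/0123456789abcdef",
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.5.5"}]},
  {"Description": "ELB net/public-lb/fedcba9876543210",
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.9.9",
                           "Association": {"PublicIp": "203.0.113.10"}}]}
]}
""")


def elb_description(arn_or_name):
    """Build the ENI description the post filters on (hypothetical helper).

    NLB ARN -> "ELB net/<name>/<id>"; bare CLB name -> "ELB <name>".
    """
    marker = ":loadbalancer/"
    if marker in arn_or_name:
        return "ELB " + arn_or_name.split(marker, 1)[1]
    return "ELB " + arn_or_name


def private_ips(eni_json, description):
    """Return (ips, exposed) for ENIs whose Description matches exactly.

    `exposed` lists addresses that have a public IP associated or that
    fall outside private ranges, i.e. the load balancer is not internal.
    """
    ips, exposed = [], []
    for eni in eni_json.get("NetworkInterfaces", []):
        if eni.get("Description") != description:
            continue
        for addr in eni.get("PrivateIpAddresses", []):
            ip = addr["PrivateIpAddress"]
            ips.append(ip)
            public = addr.get("Association", {}).get("PublicIp")
            if public or not ipaddress.ip_address(ip).is_private:
                exposed.append(ip)
    return sorted(ips, key=ipaddress.ip_address), exposed
```
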

reoring commented 1 year ago

I have the same issues.

github-actions[bot] commented 2 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

github-actions[bot] commented 1 month ago

This issue has not seen any activity since it was marked stale. Closing.

kahirokunn commented 1 month ago

/reopen