Registrator doesn't reports IP of Kubernetes Pod

[iluxame]

• What version of docker are you running? 1.12.3

• What version of registrator are you running? master

• Did you build a custom version of registrator? If so, what is that image?

• What is the exact command you are running registrator with? --internal consul://localhost:8500

• What is the exact command you are running your container with? container brought up via kubernetes 1.3+ with exposed port.

• A log capture of all the docker events before, during, and after the issue.

• If relevant, Dockerfile for application that is having issues.

Description of the problem: Kubernetes pod contains namespace container and one or more containers defined by user. These containers are using this namespace container in order to communicate with outside world so their NetworkMode is set to container: and they doesn't have IP in their Docker metadata. Since Registartor is using docker.inspect on container it doesn't catch its IP and provides all info to Consul without container IP.

How reproducible: Deterministic

Steps to Reproduce: Install Registrator container directly via Docker on each Kubernetes host. Create Kubernetes pod with the same data like it was a Docker container with Registrator related env vars. Go to Consul or run curl via agent and see that all data you've pass is there but IP is not reported

Actual Results: Go to Consul or run curl via agent and see that all data you've pass is there but IP is not reported Expected Results: To see all data with IP Additional info:

Possible solution is to add additional lookup and check the value of NetworkMode and in case of container network to retrieve IP information from the relevant container

[balexx]

PR #507 should solve the issue.

[ganeshkaila]

@balexx I am having the similar problem here. I am not sure, whether the problem is because of my current approach or really an issue. So, I wanted to describe the flow here.

Steps to reproduce the problem:

• Create a consul agent k8s daemon set which runs the following command:

  consul agent -bind= -client= -retry-join= -data-dir=/tmp/consul -config-dir=/etc/consul.d -dns-port=53 -recursor=169.254.169.254

• Create a registrator k8s daemon set which runs the following command:

  registrator -internal consul://:8500

• Create a tomcat k8s deployment.

Additional logs, those may help:

• Registered tomcat service info from one of the consul agent clients:

  Note:

  The expected IP address is Pod IP as the registrator command run with -internal flag. But, from the logs, the IP address (10.0.4.3) which we see here is node IP (host IP)

  [my-user@consul-client ~]$ curl http://localhost:8500/v1/catalog/service/tomcat | jq % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 496 100 496 0 0 83068 0 --:--:-- --:--:-- --:--:-- 99200 [ { "ID": "", "Node": "", "Address": "10.0.4.3", "TaggedAddresses": { "lan": "10.0.4.3", "wan": "10.0.4.3" }, "NodeMeta": {}, "ServiceID": ":k8s_tomcat.51553472_tomcat-3058337000-gzrq3_default_d5a08495-0e03-11e7-afc1-42010af001ae_0fe53860:8080", "ServiceName": "tomcat", "ServiceTags": [], "ServiceAddress": "", "ServicePort": 8080, "ServiceEnableTagOverride": false, "CreateIndex": 23658, "ModifyIndex": 23658 } ]

• The pod described info from the kube-master.

  my-user@gke-project-id:~$ kubectl describe pod tomcat-3058337000-gzrq3 Name: tomcat-3058337000-gzrq3 Namespace: default Node: /10.0.4.3 Start Time: Tue, 21 Mar 2017 12:28:49 +0530 Labels: pod-template-hash=3058337000 run=tomcat Status: Running IP: 10.120.1.7 Controllers: ReplicaSet/tomcat-3058337000 Containers: tomcat: Container ID: docker://d801b11b03d2130dc686509c0dcdb243ced73178291ea172bb11816795a0fa07 Image: tomcat:8.0 Image ID: docker://sha256:ab805da84643fe7736b5924a7539b201f1ba54cb8bfdc6c102cc35b67f7d1d20 Port: 8080/TCP Requests: cpu: 100m State: Running Started: Tue, 21 Mar 2017 12:29:11 +0530 Ready: True Restart Count: 0 Volume Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-l1f17 (ro) Environment Variables: NODE_NAME: (v1:spec.nodeName) Conditions: Type Status Initialized True Ready True PodScheduled True Volumes: default-token-l1f17: Type: Secret (a volume populated by a Secret) SecretName: default-token-l1f17 QoS Class: Burstable Tolerations: No events.

• The docker container inspect information:

  my-user@ ~ $ docker inspect d801b11b03d2 [ { "Id": "d801b11b03d2130dc686509c0dcdb243ced73178291ea172bb11816795a0fa07", "Created": "2017-03-21T06:59:11.627601034Z", "Path": "catalina.sh", "Args": [ "run" ], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 5461, "ExitCode": 0, "Error": "", "StartedAt": "2017-03-21T06:59:11.682678474Z", "FinishedAt": "0001-01-01T00:00:00Z" }, "Image": "sha256:ab805da84643fe7736b5924a7539b201f1ba54cb8bfdc6c102cc35b67f7d1d20", "ResolvConfPath": "/var/lib/docker/containers/1c00a4d939d46742bf8f502b29b79122647fbde5190c2944371560ad901a4545/resolv.conf", "HostnamePath": "/var/lib/docker/containers/1c00a4d939d46742bf8f502b29b79122647fbde5190c2944371560ad901a4545/hostname", "HostsPath": "/var/lib/kubelet/pods/d5a08495-0e03-11e7-afc1-42010af001ae/etc-hosts", "LogPath": "/var/lib/docker/containers/d801b11b03d2130dc686509c0dcdb243ced73178291ea172bb11816795a0fa07/d801b11b03d2130dc686509c0dcdb243ced73178291ea172bb11816795a0fa07-json.log", "Name": "/k8s_tomcat.51553472_tomcat-3058337000-gzrq3_default_d5a08495-0e03-11e7-afc1-42010af001ae_0fe53860", "RestartCount": 0, "Driver": "overlay", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "", "ExecIDs": [ "7e7b28dd18528775308961976a0aaf18d32955b8be6f961632cd2fff250a8945", "3467bdf0c0b57d063c0b91e120349345b012d2aa6718894a23b91d21d680df26" ], "HostConfig": { "Binds": [ "/var/lib/kubelet/pods/d5a08495-0e03-11e7-afc1-42010af001ae/volumes/kubernetes.io~secret/default-token-l1f17:/var/run/secrets/kubernetes.io/serviceaccount:ro", "/var/lib/kubelet/pods/d5a08495-0e03-11e7-afc1-42010af001ae/etc-hosts:/etc/hosts", "/var/lib/kubelet/pods/d5a08495-0e03-11e7-afc1-42010af001ae/containers/tomcat/0fe53860:/dev/termination-log" ], "ContainerIDFile": "", "LogConfig": { "Type": "json-file", "Config": {} }, "NetworkMode": "container:1c00a4d939d46742bf8f502b29b79122647fbde5190c2944371560ad901a4545", "PortBindings": null, "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": null, "CapDrop": null, "Dns": null, "DnsOptions": null, "DnsSearch": null, "ExtraHosts": null, "GroupAdd": null, "IpcMode": "container:1c00a4d939d46742bf8f502b29b79122647fbde5190c2944371560ad901a4545", "Cgroup": "", "Links": null, "OomScoreAdj": 999, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": [ "seccomp=unconfined" ], "StorageOpt": null, "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 102, "Memory": 0, "CgroupParent": "/", "BlkioWeight": 0, "BlkioWeightDevice": null, "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": -1, "MemorySwappiness": -1, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": null, "CpuCount": 0, "CpuPercent": 0, "BlkioIOps": 0, "BlkioBps": 0, "SandboxSize": 0 }, "GraphDriver": { "Name": "overlay", "Data": { "LowerDir": "/var/lib/docker/overlay/c417d3728afb62045b88dbb8e15c6509ff475ce0ae534b5fe362decf3bbaa03e/root", "MergedDir": "/var/lib/docker/overlay/1627dbe7a705ed9213cb26456821eae3083f7544d2982cb4b11d6e4fe960dbd9/merged", "UpperDir": "/var/lib/docker/overlay/1627dbe7a705ed9213cb26456821eae3083f7544d2982cb4b11d6e4fe960dbd9/upper", "WorkDir": "/var/lib/docker/overlay/1627dbe7a705ed9213cb26456821eae3083f7544d2982cb4b11d6e4fe960dbd9/work" } }, "Mounts": [ { "Source": "/var/lib/kubelet/pods/d5a08495-0e03-11e7-afc1-42010af001ae/volumes/kubernetes.io~secret/default-token-l1f17", "Destination": "/var/run/secrets/kubernetes.io/serviceaccount", "Mode": "ro", "RW": false, "Propagation": "rprivate" }, { "Source": "/var/lib/kubelet/pods/d5a08495-0e03-11e7-afc1-42010af001ae/etc-hosts", "Destination": "/etc/hosts", "Mode": "", "RW": true, "Propagation": "rprivate" }, { "Source": "/var/lib/kubelet/pods/d5a08495-0e03-11e7-afc1-42010af001ae/containers/tomcat/0fe53860", "Destination": "/dev/termination-log", "Mode": "", "RW": true, "Propagation": "rprivate" } ], "Config": { "Hostname": "tomcat-3058337000-gzrq3", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "8080/tcp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "NODE_NAME=", "KUBERNETES_PORT_443_TCP_PORT=443", "KUBERNETES_PORT_443_TCP_ADDR=10.123.240.1", "KUBERNETES_SERVICE_HOST=10.123.240.1", "KUBERNETES_SERVICE_PORT=443", "KUBERNETES_SERVICE_PORT_HTTPS=443", "KUBERNETES_PORT=tcp://10.123.240.1:443", "KUBERNETES_PORT_443_TCP=tcp://10.123.240.1:443", "KUBERNETES_PORT_443_TCP_PROTO=tcp", "PATH=/usr/local/tomcat/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "LANG=C.UTF-8", "JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/jre", "JAVA_VERSION=7u121", "JAVA_DEBIAN_VERSION=7u121-2.6.8-2~deb8u1", "CATALINA_HOME=/usr/local/tomcat", "TOMCAT_NATIVE_LIBDIR=/usr/local/tomcat/native-jni-lib", "LD_LIBRARY_PATH=/usr/local/tomcat/native-jni-lib", "OPENSSL_VERSION=1.1.0e-1", "GPG_KEYS=05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23", "TOMCAT_MAJOR=8", "TOMCAT_VERSION=8.0.42", "TOMCAT_TGZ_URL=https://www.apache.org/dyn/closer.cgi?action=download\u0026filename=tomcat/tomcat-8/v8.0.42/bin/apache-tomcat-8.0.42.tar.gz", "TOMCAT_ASC_URL=https://www.apache.org/dist/tomcat/tomcat-8/v8.0.42/bin/apache-tomcat-8.0.42.tar.gz.asc" ], "Cmd": [ "catalina.sh", "run" ], "Image": "tomcat:8.0", "Volumes": null, "WorkingDir": "/usr/local/tomcat", "Entrypoint": null, "OnBuild": null, "Labels": { "io.kubernetes.container.hash": "51553472", "io.kubernetes.container.name": "tomcat", "io.kubernetes.container.ports": "[{\"containerPort\":8080,\"protocol\":\"TCP\"}]", "io.kubernetes.container.restartCount": "0", "io.kubernetes.container.terminationMessagePath": "/dev/termination-log", "io.kubernetes.pod.name": "tomcat-3058337000-gzrq3", "io.kubernetes.pod.namespace": "default", "io.kubernetes.pod.terminationGracePeriod": "30", "io.kubernetes.pod.uid": "d5a08495-0e03-11e7-afc1-42010af001ae" } }, "NetworkSettings": { "Bridge": "", "SandboxID": "", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": null, "SandboxKey": "", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null, "EndpointID": "", "Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "MacAddress": "", "Networks": null } } ]

Note:

FYI, consul and registrator are run with the hostNetwork enabled where as tomcat is run with default options.

cc @iluxame

[balexx]

@meganesh containers inside kubernetes pods don't see their IP address properly. See the following from your 'docker inspect':

        "NetworkMode": "container:1c00a4d939d46742bf8f502b29b79122647fbde5190c2944371560ad901a4545",

What this means is that networking of the tomcat container is "offloaded" to container c00a4d939d46742bf8f502b29b79122647fbde5190c2944371560ad901a4545, which is the one carrying the IP address.

PR 507 solves this, by grabbing the IP of the linked container.

[ganeshkaila]

@balexx Did you test https://github.com/gliderlabs/registrator/pull/507 in GKE?

FYI, the logs corresponding to my tomcat service registration with registrator:

  2017/03/22 06:08:44 tomcat: detected container NetworkMode, linked to: a7823230f585
  2017/03/22 06:08:44 tomcat: using network container IP 
  2017/03/22 06:08:44 added: c94f42796593 NODE_NAME:k8s_tomcat.4f2a469_tomcat-66122773-g6xt1_default_f19b47ec-0ec5-11e7-bc48-42010af00249_0be74575:8080

The registered tomcat service on the consul side:

  [my-user@consul-client ~]$ curl http://localhost:8500/v1/catalog/service/tomcat | jq
    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                   Dload  Upload   Total   Spent    Left  Speed
  100   489  100   489    0     0  81581      0 --:--:-- --:--:-- --:--:-- 97800
  [
    {
      "ID": "4a223fd7-652f-727c-dff2-f0f3f689c218",
      "Node": "NODE_NAME",
      "Address": "10.0.4.4",
      "TaggedAddresses": {
        "lan": "10.0.4.4",
        "wan": "10.0.4.4"
      },
      "NodeMeta": {},
      "ServiceID": "NODE_NAME:k8s_tomcat.4f2a469_tomcat-66122773-g6xt1_default_f19b47ec-0ec5-11e7-bc48-42010af00249_0be74575:8080",
      "ServiceName": "tomcat",
      "ServiceTags": [],
      "ServiceAddress": "",
      "ServicePort": 8080,
      "ServiceEnableTagOverride": false,
      "CreateIndex": 27546,
      "ModifyIndex": 27546
    }
  ]

The service is resolving to node ip instead of container ip.

  [my-user@consul-client ~]$ ping -n -c2 tomcat.service.consul
  PING tomcat.service.consul (10.0.4.4) 56(84) bytes of data.
  64 bytes from 10.0.4.4: icmp_seq=1 ttl=64 time=0.845 ms
  64 bytes from 10.0.4.4: icmp_seq=2 ttl=64 time=0.344 ms
  --- tomcat.service.consul ping statistics ---
  2 packets transmitted, 2 received, 0% packet loss, time 1000ms
  rtt min/avg/max/mdev = 0.344/0.594/0.845/0.251 ms

Note:

The icmp request is expected to resolve to 10.136.1.4 instead of 10.0.4.4.

[balexx]

@meganesh according to this line:

2017/03/22 06:08:44 tomcat: detected container NetworkMode, linked to: a7823230f585

You should look at the container a7823230f585 and see what network address it holds. I believe what you're seeing is the IP used by that container.

The patch I provided was not tested on GKE, so YMMV.

[ganeshkaila]

@balexx I just re-run the service again.

Newly generated logs on registrator side while tomcat is getting registered.

  2017/03/22 09:53:15 tomcat: detected container NetworkMode, linked to: bd52929abcf2
  2017/03/22 09:53:15 tomcat: using network container IP 
  2017/03/22 09:53:15 added: d47a662b20af NODE_NAME:k8s_tomcat.a284bf2f_tomcat-37895574829v7cv_default_ad071f33-0ee1-11e7-bc48-42010af00249_43936e18:8080

When I did docker inspect bd52929abcf2, I found no IP address at NetworkSettings.IPAddress and NetworkSettings.Networks.none.IPAddress.

[ganeshkaila]

@balexx FYI,

registrator-ds.yml:

  apiVersion: extensions/v1beta1
  kind: DaemonSet
  metadata:
    creationTimestamp: null
    labels:
      run: registrator
    name: registrator
  spec:
    selector:
      matchLabels:
        run: registrator
    template:
      metadata:
        creationTimestamp: null
        labels:
          run: registrator
      spec:
        hostNetwork: true
        containers:
        - image: gliderlabs/registrator:master
          name: registrator
          command: ["/bin/sh"]
          args: ["-c", "registrator -internal consul://<NODE_IP>:8500"]
          lifecycle:
            postStart:
              exec:
                command:
                  - "/bin/sh"
                  - "-c"
                  - "echo \"nameserver <NODE_IP>\" > /etc/resolv.conf"
          env:
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          volumeMounts:   
          - mountPath: /tmp/docker.sock
            name: docker-sock
        volumes:
        - name: docker-sock
          hostPath:
            path: /var/run/docker.sock

tomcat-deploy.yml

  apiVersion: extensions/v1beta1
  kind: Deployment
  metadata:
    creationTimestamp: null
    labels:
      run: tomcat
    name: tomcat
  spec:
    replicas: 1
    selector:
      matchLabels:
        run: tomcat
    strategy: {}
    template:
      metadata:
        creationTimestamp: null
        labels:
          run: tomcat
      spec:
        containers:
        - image: tomcat:8.0
          name: tomcat
          ports:
          - containerPort: 8080
          lifecycle:
            postStart:
              exec:
                command:
                  - "/bin/sh"
                  - "-c"
                  - "echo \"nameserver <NODE_IP>\" > /etc/resolv.conf"
          env:
          - name: SERVICE_NAME
            value: tomcat
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName           
          - name: POD_IP
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
          resources: {}
  status: {}

Please let me know, if I have given anything wrong in the configuration perspective of registrator or tomcat.

[ganeshkaila]

@balexx I have recently tested it on my local kubernetes cluster as well. It didn't work there also. Please point me if I am missing any configuration in the spec files.

[balexx]

Then it seems like GKE is behaving differently than bare metal, which is what we're using.

Maybe if you post docker describe for the tomcat container and the pause container it's linked to, we can find where the IP address is actually stated.

[gvenka008c]

@meganesh Did you fix the issue? Can you provide what change was done on registrator end?

[ganeshkaila]

@gvenka008c If you are having the similar problem, this docker hub repo may help.

[raffian]

@iluxame

What does your Tomcat application connect with to do service discovery? Registrator, or the back end provider?