kubeovn / kube-ovn

A Bridge between SDN and Cloud Native (Project under CNCF)
https://kubeovn.github.io/docs/stable/en/
Apache License 2.0

Keepalived vip in kubevirt ping failed. #3956

Closed yehaifeng closed 6 months ago

yehaifeng commented 6 months ago

Kube-OVN Version

v1.11.15

Kubernetes Version

v1.28.2

Operation-system/Kernel Version

5.14.0-391.el9.x86_64

Description

I started keepalived in a kubevirt VM and brought up a VIP, but I can't ping the VIP from outside the cluster. Is there anything I can do?

Steps To Reproduce

  1. Installing a vm using kubevirt with kube-ovn sdn
  2. Starting keepalived and a vip
  3. Ping this vip from other machine.

Current Behavior

Ping vip failed.

Expected Behavior

Ping vip success

zhangzujian commented 6 months ago

Please try to add the following annotation to the kubevirt vm/pod in your vm definition:

ovn.kubernetes.io/layer2_forward: true

yehaifeng commented 6 months ago

I added this annotation but it is not working

apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubectl.kubernetes.io/default-container: compute
    kubevirt.io/allow-pod-bridge-network-live-migration: ""
    kubevirt.io/migrationTransportUnix: "true"
    kubevirt.io/vm-generation: "2"
    ovn.kubernetes.io/allocated: "true"
    ovn.kubernetes.io/cidr: 192.168.81.0/24
    ovn.kubernetes.io/ip_address: 192.168.81.4
    ovn.kubernetes.io/layer2_forward: "true"
    ovn.kubernetes.io/logical_switch: subnet81
    ovn.kubernetes.io/mac_address: 00:50:56:b7:6f:03
    ovn.kubernetes.io/pod_nic_type: veth-pair
    ovn.kubernetes.io/provider_network: trunk
    ovn.kubernetes.io/routed: "true"
    ovn.kubernetes.io/vlan_id: "81"

bobz965 commented 6 months ago

Are you using a VPC or an underlay subnet?

image

Try this in v1.11.17 (not released).

zhangzujian commented 6 months ago

Please attach the output of the following command:

kubectl -n kube-system exec svc/ovn-nb -- ovn-nbctl list logical_switch_port <VM>.<NAMESPACE>

yehaifeng commented 6 months ago

are you using vpc or underlay subnet ?

image

try this in v1.11.17 (not released)

I use underlay network using vlan.

No security groups are used.

yehaifeng commented 6 months ago

Please attach the output of the following command:

kubectl -n kube-system exec svc/ovn-nb -- ovn-nbctl list logical_switch_port <VM>.<NAMESPACE>

@zhangzujian

_uuid               : abe44e02-8b61-4a07-b9eb-955e6af6c06a
addresses           : ["00:50:56:b7:6f:03 192.168.81.4", unknown]
dhcpv4_options      : []
dhcpv6_options      : []
dynamic_addresses   : []
enabled             : []
external_ids        : {ip="192.168.81.4", ls=subnet81, pod="vlan81/openshift4-haproxy-81a4", vendor=kube-ovn}
ha_chassis_group    : []
name                : openshift4-haproxy-81a4.vlan81
options             : {}
parent_name         : []
port_security       : []
tag                 : []
tag_request         : []
type                : ""
up                  : true

zhangzujian commented 6 months ago

addresses : ["00:50:56:b7:6f:03 192.168.81.4", unknown]

There is an unknown address on the LSP, so the annotation ovn.kubernetes.io/layer2_forward: true works as expected.

Please check whether your VIP can be accessed in your physical network.
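The check described in the comment above, written out as an added example (it is not part of the thread or of Kube-OVN's code): it parses the logical_switch_port output and reports whether unknown is present in addresses and whether port_security would restrict a floating VIP. The function names and the VIP 192.168.81.100 are assumptions; the thread does not state the real VIP.

```python
import re

# Constructed sample: fields taken from the logical_switch_port output posted in this thread.
SAMPLE = """\
addresses           : ["00:50:56:b7:6f:03 192.168.81.4", unknown]
enabled             : []
name                : openshift4-haproxy-81a4.vlan81
port_security       : []
up                  : true
"""

def parse_lsp(text):
    """Parse `ovn-nbctl list logical_switch_port` output into {column: [items]}."""
    row = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # column names never contain ':'
        if sep:
            # An OVSDB set is [a, "b c"]; quoted items may hold spaces and colons.
            items = re.findall(r'"([^"]*)"|([^\s,\[\]]+)', value)
            row[key.strip()] = [quoted or bare for quoted, bare in items]
    return row

def assess_vip(text, vip):
    """Report whether the port's OVN settings would stand in the way of a floating VIP."""
    row = parse_lsp(text)
    addresses = row.get("addresses", [])
    port_security = row.get("port_security", [])
    # Exact match only: prefix-style port_security entries are not expanded here.
    listed = any(vip in entry.split() for entry in port_security)
    return {
        "port": row.get("name", ["?"])[0],
        # "unknown" makes the switch deliver frames for unlearned MACs to this port.
        "unknown_mac_delivery": "unknown" in addresses,
        # A non-empty port_security limits the MAC/IP pairs the port may use.
        "source_filtering": bool(port_security),
        "vip_permitted": not port_security or listed,
    }

if __name__ == "__main__":
    # 192.168.81.100 is a hypothetical VIP; the thread does not state the real one.
    for field, value in assess_vip(SAMPLE, "192.168.81.100").items():
        print(f"{field}: {value}")
```

For the port in this thread every OVN-side check passes, which matches the advice to look outside the logical switch for the cause.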

yehaifeng commented 6 months ago

@zhangzujian Thanks for your help.

vrrp_strict was configured in keepalived; after removing it, it works, and with no annotation ovn.kubernetes.io/layer2_forward: true.