kubernetes-retired / kpng

[EOL] Reworking kube-proxy's architecture
Apache License 2.0

Only one family endpoints for dual-stack service #519

Closed uablrek closed 1 year ago

uablrek commented 1 year ago

What kind of issue is this?

/kind bug

Expected behaviour

For a service with ipFamilyPolicy: RequireDualStack, endpoints of both families should be sent to the backend (always).

Actual behaviour

I only get endpoints from one family. Which one, ipv4 or ipv6, seems a bit random.

I understand that this is a fundamental feature, without it dual-stack can't work, and all backends would fail. However, I suspect that the to-api may be the culprit. Or I have missed some updated configuration (I have been away from kpng for a while).

Steps to reproduce the problem

Use the setup from the blog post. Use the service as-is and start 2 PODs with the correct selector. I use a Deployment with "replicas: 2", but that shouldn't be important.

Output from kpng-json | jq:

{
  "Service": {
    "Namespace": "default",
    "Name": "kpng-example",
    "Type": "ClusterIP",
    "IPs": {
      "ClusterIPs": {},
      "ExternalIPs": {
        "V4": [
          "10.0.0.55"
        ],
        "V6": [
          "1000::55"
        ]
      },
      "Headless": true
    },
    "Ports": [
      {
        "Protocol": 1,
        "Port": 6000,
        "TargetPort": 6000
      }
    ],
    "SessionAffinity": null
  },
  "Endpoints": [
    {
      "IPs": {
        "V4": [
          "11.0.2.2"
        ]
      },
      "Local": true,
      "PortOverrides": [
        {
          "Port": 6000
        }
      ],
      "Scopes": {
        "Internal": true,
        "External": true
      }
    },
    {
      "IPs": {
        "V4": [
          "11.0.1.2"
        ]
      },
      "PortOverrides": [
        {
          "Port": 6000
        }
      ],
      "Scopes": {
        "Internal": true,
        "External": true
      }
    }
  ]
}

Only IPv4 endpoints are provided. But endpoint-slices for both families exist:

# kubectl get endpointslices
NAME                 ADDRESSTYPE   PORTS   ENDPOINTS             AGE
kpng-example-lq2ch   IPv6          6000    1100::102,1100::202   5m9s
kpng-example-tnhrv   IPv4          6000    11.0.1.2,11.0.2.2     5m9s
kubernetes           IPv4          6443    192.168.1.1           6m28s

mneverov commented 1 year ago

According to the proposal (Endpoints (not EndpointSlice) addresses will match the first address family allocated to the Service (e.g. An IPv6 Service IP will only have IPv6 Endpoints)) and the implementation, there should only be one endpoint.
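
A small check for the symptom reported in this issue, as an added example (not kpng code and not from either commenter): it reads one kpng-json document and lists the IP families for which the service has an address but no endpoint carries one. The struct fields are assumed from the JSON quoted above, and `missingFamilies` is a hypothetical helper name.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ipSet mirrors the "V4"/"V6" address lists in the kpng-json output above.
type ipSet struct{ V4, V6 []string }

// svcEndpoints models only the fields this check reads (assumed from the issue's output).
type svcEndpoints struct {
	Service struct {
		IPs struct{ ClusterIPs, ExternalIPs ipSet }
	}
	Endpoints []struct{ IPs ipSet }
}

// sample is a trimmed copy of the JSON quoted in the issue (same addresses).
const sample = `{"Service":{"IPs":{"ClusterIPs":{},"ExternalIPs":{"V4":["10.0.0.55"],"V6":["1000::55"]}}},
 "Endpoints":[{"IPs":{"V4":["11.0.2.2"]}},{"IPs":{"V4":["11.0.1.2"]}}]}`

// missingFamilies lists families ("V4"/"V6") the service has but no endpoint carries.
func missingFamilies(doc []byte) ([]string, error) {
	var se svcEndpoints
	if err := json.Unmarshal(doc, &se); err != nil {
		return nil, fmt.Errorf("decode kpng-json: %w", err)
	}
	ips := se.Service.IPs
	svc4 := len(ips.ClusterIPs.V4)+len(ips.ExternalIPs.V4) > 0
	svc6 := len(ips.ClusterIPs.V6)+len(ips.ExternalIPs.V6) > 0
	var ep4, ep6 bool
	for _, e := range se.Endpoints {
		ep4 = ep4 || len(e.IPs.V4) > 0
		ep6 = ep6 || len(e.IPs.V6) > 0
	}
	var missing []string
	if svc4 && !ep4 {
		missing = append(missing, "V4")
	}
	if svc6 && !ep6 {
		missing = append(missing, "V6")
	}
	return missing, nil
}

func main() {
	fmt.Println(missingFamilies([]byte(sample)))
}
```

Run against the output in the report, it flags V6 as the family with service addresses but no endpoints.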