search

linkerd / linkerd2

Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
https://linkerd.io
Apache License 2.0
10.63k stars 1.28k forks source link

Linkerd CNI repair controller does not listen on IPv6 #12864

Closed lwj5 closed 2 months ago

lwj5 commented 2 months ago

What is the issue?

Repair controller fail to start on EKS IPv6 cluster. Admin is only listening at 0.0.0.0:9990

  Warning  Unhealthy  21s (x6 over 71s)  kubelet            Liveness probe failed: Get "http://[ipv6]:9990/live": dial tcp [ipv6]:9990: connect: connection refused
  Warning  Unhealthy  21s (x7 over 61s)  kubelet            Readiness probe failed: Get "http://[ipv6]:9990/ready": dial tcp [ipv6]:9990: connect: connection refused
  Normal   Killing    21s (x2 over 51s)  kubelet            Container repair-controller failed liveness probe, will be restarted

How can it be reproduced?

Start a IPv6 only cluster and instal linkerd cni with repair controller enabled.

Logs, error output, etc

None

output of linkerd check -o short

-

Environment

EKS 1.18

Possible solution

  repair-controller:
    Container ID:    containerd://8cfbb7ced3c98c071c2078722ac385a914e44e5e6c8b23eed176a013231b0367
    Image:           cr.l5d.io/linkerd/cni-plugin:v1.5.1
    Image ID:        cr.l5d.io/linkerd/cni-plugin@sha256:adc21c4af0cfae6e6454b6aecac11f13c11edd351813bf0dd60260191fe4e375
    Port:            9990/TCP
    Host Port:       0/TCP
    SeccompProfile:  RuntimeDefault
    Command:
      /usr/lib/linkerd/linkerd-cni-repair-controller
    Args:
      --admin-addr=0.0.0.0:9990
      --log-format
      plain
      --log-level
      info

Change admin address to listen on IPv6 as well. [::]:9990

Additional context

No response

Would you like to work on fixing this bug?

yes

alpeb commented 2 months ago

Thanks for bringing this up; I was able to replicate the issue. I've raised #12874; please keep an eye for when that gets included in an edge, and let us know how it goes! :-)