search

loft-sh / vcluster

vCluster - Create fully functional virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it offers better multi-tenancy and isolation than regular namespaces.
https://www.vcluster.com
Apache License 2.0
6.35k stars 406 forks source link

syncer: cannot change healthCheckNodePort on loadBalancer #240

Closed olljanat closed 2 years ago

olljanat commented 2 years ago

Found from v0.5.0-alpha.7 when publishing LoadBalancer service with externalTrafficPolicy: Local that syncer log was full errors like these:

I1209 16:43:44.702759       1 logr.go:249] service: traefik: updating physical vcluster-test/traefik-x-kube-system-x-test, because virtual service have changed
E1209 16:43:44.721183       1 logr.go:265] reconciler group  reconciler kind Service: controller: service: name traefik namespace kube-system: Reconciler error Service "traefik-x-kube-system-x-test" is invalid: spec.healthCheckNodePort: Invalid value: 30395: cannot change healthCheckNodePort on loadBalancer service with externalTraffic=Local during update

As workaround it can be specified manually like described on https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip but would be nice to get it fixed on way that dynamic port can be used.

FabianKramm commented 2 years ago

@olljanat thanks for creating this issue! You are correct, seems like this is currently a problem, we'll add a fix and new e2e test for this.

olljanat commented 2 years ago

This works correctly on v0.5.0-beta.0

Thanks