danwinship
commented
8 years ago This is by design; the service IP addresses are for use by pods, not nodes. Why do you need to connect to a service IP address from a node?
Closed ibotty closed 8 years ago
danwinship
commented
8 years ago This is by design; the service IP addresses are for use by pods, not nodes. Why do you need to connect to a service IP address from a node?
sdodson
commented
8 years ago @ncdc ^^ comment seems like it'd mean we can't use the kube service ip as a resolver, no?
@danwinship is that limitation multitenant only?
danwinship
commented
8 years ago We can certainly change this; as the bug report says, it's just a matter of ip r add 172.30.0.0/16 dev tun0. I just didn't think there was any reason to...
ibotty
commented
8 years ago My openshift cluster provides services also to the nodes (e.g. rpm-ostree remote, centralized logging, etc). Of course I could expose some of these services via routes. It also makes debugging easier ;).
ibotty
commented
8 years ago Also: how do pods with host networking (e.g. the router) work? They can't access portal ips either, right?
ncdc
commented
8 years ago @sdodson
comment seems like it'd mean we can't use the kube service ip as a resolver, no?
garrrrrrr. @danwinship we are hoping to have the nodes' /etc/resolv.conf point at the kube service ip for DNS
danwinship
commented
8 years ago OK, so I'll make this work again...
danwinship
commented
8 years ago (It didn't intentionally get broken, it just hadn't occurred to me before that anyone expected it to work.)
Using the multitenant plugin on atomic hosts (using openvswitch on docker), openshift v1.1, I cannot access a service portal address (172.30.183.139:5000) on the host.
times out.
works.
as does using the endpoint (10.1.2.13) directly.
When adding a route to the portal net, all requests are working.
The relevant part of the (generated) nat table looks like that.