romana / romana

The Romana Project - Installation scripts, documentation, issue tracker and wiki. Start here.
Apache License 2.0

kubeadm tutorial + romana doesn't work #143

Open vide opened 7 years ago

vide commented 7 years ago

Hello

I was following http://kubernetes.io/docs/getting-started-guides/kubeadm/ to try a Kubernetes installation and I've installed Romana networking with kubectl apply -f https://raw.githubusercontent.com/romana/romana/master/containerize/specs/romana-kubeadm.yml

Afterwards, I deploy the sample application (sock-shop) and I try to connect to the front-end port on the master's public LAN IP, but it doesn't work. It seems that packets are dropped somewhere in the stack, even though I can see that an iptables NAT rule is present for the kube-proxy exposed port:

[root@k8s-test01 ~]# iptables -t nat -L|grep "sock-shop/front-end"
KUBE-MARK-MASQ  tcp  --  anywhere             anywhere             /* sock-shop/front-end: */ tcp dpt:31415
KUBE-SVC-LFMD53S3EZEAOUSJ  tcp  --  anywhere             anywhere             /* sock-shop/front-end: */ tcp dpt:31415
KUBE-MARK-MASQ  all  --  100.115.114.12       anywhere             /* sock-shop/front-end: */
DNAT       tcp  --  anywhere             anywhere             /* sock-shop/front-end: */ tcp to:100.115.114.12:8079
KUBE-SVC-LFMD53S3EZEAOUSJ  tcp  --  anywhere             10.97.155.32         /* sock-shop/front-end: cluster IP */ tcp dpt:http
KUBE-SEP-QXDXZJAQV2LSLCKA  all  --  anywhere             anywhere             /* sock-shop/front-end: */

The host OS is CentOS 7.2
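
A check for the NAT half of this path, as an added example that is not part of the original issue or of the Romana project's code: it follows a NodePort through kube-proxy's chains down to its DNAT target, so an intact chain points the investigation elsewhere in the stack (filtering, policy or routing). The rules are a constructed sample in `iptables-save` format that mirrors the chain names, port and pod address in the output above; `parse_rules` and `nodeport_backends` are hypothetical helper names.

```python
import shlex

# Constructed sample (iptables-save format); values mirror the issue's output.
SAMPLE_RULES = """\
-A KUBE-NODEPORTS -p tcp -m comment --comment "sock-shop/front-end:" -m tcp --dport 31415 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "sock-shop/front-end:" -m tcp --dport 31415 -j KUBE-SVC-LFMD53S3EZEAOUSJ
-A KUBE-SVC-LFMD53S3EZEAOUSJ -m comment --comment "sock-shop/front-end:" -j KUBE-SEP-QXDXZJAQV2LSLCKA
-A KUBE-SEP-QXDXZJAQV2LSLCKA -s 100.115.114.12/32 -m comment --comment "sock-shop/front-end:" -j KUBE-MARK-MASQ
-A KUBE-SEP-QXDXZJAQV2LSLCKA -p tcp -m comment --comment "sock-shop/front-end:" -m tcp -j DNAT --to-destination 100.115.114.12:8079
-A KUBE-SERVICES -d 10.97.155.32/32 -p tcp -m comment --comment "sock-shop/front-end: cluster IP" -m tcp --dport 80 -j KUBE-SVC-LFMD53S3EZEAOUSJ
"""

def parse_rules(text):
    """Return {chain: [rule]} for every '-A' line; each rule keeps dport, jump, to."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)  # keeps the quoted --comment value as one token
        if len(tok) < 2 or tok[0] != "-A":
            continue
        rule = {"dport": None, "jump": None, "to": None}
        for i, t in enumerate(tok[:-1]):
            if t == "--dport":
                rule["dport"] = tok[i + 1]
            elif t == "-j":
                rule["jump"] = tok[i + 1]
            elif t == "--to-destination":
                rule["to"] = tok[i + 1]
        chains.setdefault(tok[1], []).append(rule)
    return chains

def nodeport_backends(text, port, entry="KUBE-NODEPORTS"):
    """Follow jumps from the entry chain for `port` down to the DNAT targets."""
    chains = parse_rules(text)
    backends, seen = [], set()
    stack = [r["jump"] for r in chains.get(entry, []) if r["dport"] == str(port)]
    while stack:
        chain = stack.pop()
        if chain in seen or chain not in chains:
            continue  # already visited, or a target with no rules in the dump
        seen.add(chain)
        for r in chains[chain]:
            if r["jump"] == "DNAT" and r["to"]:
                backends.append(r["to"])
            elif r["jump"]:
                stack.append(r["jump"])
    return sorted(backends)

if __name__ == "__main__":
    print(nodeport_backends(SAMPLE_RULES, 31415))
```

An empty list for a port that should be exposed means the NAT chain itself is broken; a populated list with traffic still failing means the drop happens after address translation.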

cgilmour commented 7 years ago

Hi @vide, thanks for opening up an issue.

We've identified the cause, and it's a small bug in our policy agent. A fix has been made and tested today, and will be bundled in an upcoming release.

Once it is installed, then you should be able to access the sock-shop application via the front-end NodePort. If you're enabling isolation on the sock-shop namespace, then additional policies will need to be applied to permit communication between pods and also to make the front-end port reachable from nodes.

Thanks!

cgilmour commented 7 years ago

Hi @vide, I've pushed up a new release that covers the bug fixes mentioned previously. Installation instructions remain the same, and I've tested installing the demo application. It worked as expected in the new release.

vide commented 7 years ago

Thanks! I will try again and let you know ASAP

bweston92 commented 7 years ago

I don't know if this is the same problem I'm having, but if so it isn't fixed. https://github.com/kubernetes/kubernetes/issues/37552