Skip to content
This repository has been archived by the owner on Mar 31, 2019. It is now read-only.

kubelet and etcd occasionally listen on the instance's public IP #8

Open
antoineco opened this issue Sep 7, 2018 · 0 comments
Open

kubelet and etcd occasionally listen on the instance's public IP #8

antoineco opened this issue Sep 7, 2018 · 0 comments

Comments

@antoineco
Copy link
Owner

antoineco commented Sep 7, 2018
edited
Loading

Occasionally, coreos-metadata sets the value of COREOS_OPENSTACK_IPV4_LOCAL to the instance's public IP, probably due to a race.

This breaks commands like kubectl logs or kubectl exec (respectively the containerLogs and exec APIs) and exposes both kubelet and etcd publicly.

# /run/metadata/coreos
COREOS_OPENSTACK_INSTANCE_ID=i-00123456                                  
COREOS_OPENSTACK_HOSTNAME=kovhtestnode01                         
COREOS_OPENSTACK_IPV4_LOCAL=203.0.113.1                                                             
COREOS_OPENSTACK_IPV4_PUBLIC=
$ sudo ss -tlpn
...
LISTEN     0      128       203.0.113.1:10250   *:*   users:(("kubelet",pid=819,fd=19))
LISTEN     0      128       127.0.0.1:2379      *:*   users:(("etcd",pid=877,fd=8))
LISTEN     0      128       203.0.113.1:2379    *:*   users:(("etcd",pid=877,fd=7))

Temporary fix: reboot the nodes.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@antoineco