cilium: Cilium kube-proxy free doesn't run with konnectivity service

Is there an existing issue for this?

  • I have searched the existing issues

What happened?

When trying to run cilium in kube-proxy free mode together with the konnectivity-server and konnectivity-agents see: https://kubernetes.io/docs/tasks/extend-kubernetes/setup-konnectivity/

I’m getting the following error on the cilium operator: level=error msg="Unable to contact k8s api-server" error="Get \"https://<my-domain>:443/api/v1/namespaces/kube-system\": dial tcp <my-ip>:443: connect: connection refused" ipAddr="https://<my-domain>:443" subsys=k8s

On the cilium agent I’m getting the same error message.

These are my settings:

k8sServiceHost: <my-domain>
k8sServicePort: 443
kubeProxyReplacement: "strict"
ipam:
    mode: "kubernetes"
hostServices:
  hostNamespaceOnly: true

I tested the kube-proxy free setup without the konnectivity server and everything was working. I also tested cilium with kube-proxy and replacement=partial and with the konnectivity server and it works.

Cilium Version

v1.11.1

Kernel Version

5.16.5-200.fc35.x86_64

Kubernetes Version

v1.23.3

Sysdump

No response

Relevant log output

No response

Anything else?

No response

Code of Conduct

  • I agree to follow this project’s Code of Conduct

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 21 (8 by maintainers)

Commits related to this issue

Most upvoted comments

Since v0.0.30, and cilium 1.12 it works. Same settings, I gave it another try with the newer versions and it works… so I do not know what exactly causes this problem, but I think we can close this issue.

+1
batistein on Sep 29, 2022
Read more comments on GitHub
← cilium: Cilium is using wrong interface for MTU detection
cilium: Cilium segfaults with --enable-l7-proxy=false →