kubernetes: Hostport Manager is not IPv6 ready

What happened:

When creating a pod sandbox which contains host port mappings, then the hostport_manager.go will reject any non IPv4: https://github.com/kubernetes/kubernetes/blob/8c8c4113f045a00bee611594e402dee07600812b/pkg/kubelet/dockershim/network/hostport/hostport_manager.go#L85-L87

What you expected to happen:

That the port gets added independently of the IP version.

How to reproduce it (as minimally and precisely as possible):

  1. Setup a CNI bridge plugin as follows:
{
  "bridge": "cni0",
  "cniVersion": "0.3.0",
  "ipMasq": true,
  "ipam": {
    "routes": [
      { "dst": "0.0.0.0/0" },
      { "dst": "1100:200::1/24" }
    ],
    "ranges": [
      [{ "subnet": "172.0.0.0/16" }],
      [{ "subnet": "1100:200::/24" }]
    ],
    "type": "host-local"
  },
  "isGateway": true,
  "name": "crio",
  "type": "bridge"
}
  1. Start CRI-O (current master is IPv6 ready)
  2. Try to create the hostport test sandbox:
> sudo crictl runp test/testdata/sandbox_config_hostport.json
FATA[0002] run pod sandbox failed: rpc error: code = Unknown desc = failed to add hostport mapping for sandbox k8s_podsandbox1_redhat.test.crio_redhat-test-crio_1(0fc2e87d7183c0ab0b92a5df7f443eeba92f3735c6c68d06e91d15b1c7ede333): invalid or missing IP of pod k8s_podsandbox
1_redhat.test.crio_redhat-test-crio_1_

Environment:

  • Kubernetes version (use kubectl version): vendored 1.16.0-alpha.1, but it should also affect the master

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 16 (15 by maintainers)

Most upvoted comments

I´m confused too, the snippet of code refers to dockershim and indeed it seems to miss the IPv6 functionality. However, the test and the description refers to CRI-O that AFAIK doesn´t use dockershim, uses CRI.

@saschagrunert can you clarify?

We use the hostport manager from the dockershim in CRI-O, so I think the issue will affect both (if the dockershim will support IPv6, too).

+2
saschagrunert on Aug 6, 2019

for completeness, I could talk with @saschagrunert and clarify that the problem is with dockershim. They’ve found the issue in the CRI-O project, it seems they are importing the dockershim host port manager https://github.com/cri-o/cri-o/blob/71f12a46396dc57ebd135910ef8b65739ca7a2ce/server/sandbox_network.go#L77 and it fails because it doesn’t support IPv6. I think the issue is legit and my fix #80854 solves it, however, I let you decide since my knowledge in the runtimes area is very basic.

+1
aojea on Aug 6, 2019
Read more comments on GitHub
← kubernetes: HostPathType Socket e2e tests hang on containerd
kubernetes: HostPort seemingly not working →