kubernetes: Kubelet service cannot bind port 10250 on both the ipv4 and ipv6 network ips in Dual stack k8s setup.

What happened?

The parameter address in the kubelet /var/lib/kubelet/config.yaml enables to bind the kubelet to a node ip .
It’s the parameter which accepts single value, that means only one IP could be provided. In case of dual stack environment kubelet cannot listen on both the ipv4 and ipv6 network ips.

Following output is from the case where kubelet listens on ipv6 node’s ip in a dualstack environment.

kubectl logs node-cert-exporter-h74s2 -n monitoring
Error from server: Get "[https://<ipv4NodeIp>:10250/containerLogs/monitoring/node-cert-exporter-h74s2/node-cert-exporter":](https://<ipv4NodeIp>:10250/containerLogs/monitoring/node-cert-exporter-h74s2/node-cert-exporter%22:) dial tcp <ipv4NodeIp>:10250: connect: connection refused

What did you expect to happen?

kubelet should listen to both the network node ips in case of dual stack. This will enable communication to the kubelet on both the networks.

How can we reproduce it (as minimally and precisely as possible)?

Update the address: <node ip> in the /var/lib/kubelet/config.yaml
Restart the kubelet service.
ss -anlp | grep 10250

Anything else we need to know?

Kubeapiserver with the configuration --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname always tries to contact the kubelet on the ipv4 network ip ( ipv4, dualstack deployment) with the exception in ipv6 deployment. Kubeapiserver is unable to make calls to the kubelet where the kubelet listens on the ipv6 node ip in the dual stack environment.

Kubernetes version

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.0", GitCommit:"6abac1505370282a9583329dd35622792b60e449", GitTreeState:"clean", BuildDate:"2022-01-10T12:53:58Z", GoVersion:"go1.17.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.0", GitCommit:"6abac1505370282a9583329dd35622792b60e449", GitTreeState:"clean", BuildDate:"2022-01-10T12:44:17Z", GoVersion:"go1.17.3", Compiler:"gc", Platform:"linux/amd64"}

Cloud provider

Openstack

OS version

# On Linux:
$ cat /etc/os-release
NAME="SLES"
VERSION="15-SP2"
VERSION_ID="15.2"
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP2"
ID="sles"
ID_LIKE="suse"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:15:sp2"

Install tools

Container runtime (CRI) and and version (if applicable)

Related plugins (CNI, CSI, …) and versions (if applicable)

About this issue

Original URL
State: closed
Created 2 years ago
Comments: 25 (14 by maintainers)

Most upvoted comments

just adding a note here, i am going to look at updating the documentation to be more clear about the deprecation of the --cloud-provider flag.

elmiko on Mar 2, 2022

@aojea : As per the documentation https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/, option cloud-provider was to be removed in v1.23 but looks like it is still valid in v1.23, since i am doing all the tests on the k8s v1.23.

In this case, Probably documentation could be updated as per the code behaviour. I feel this need to be tagged as a bug. Please share your inputs.

kumaravanish on Feb 22, 2022

kubelet accepts a comma separated list of ips in --node-ip for dual-stack

–node-ip string IP address (or comma-separated dual-stack IP addresses) of the node. If unset, kubelet will use the node’s default IPv4 address, if any, or its default IPv6 address if it has no IPv4 addresses. You can pass ‘::’ to make it prefer the default IPv6 address rather than the default IPv4 address.

https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/

It was implemented by https://github.com/kubernetes/kubernetes/pull/95239/commits/75242fce7aa8a8f9e703b8602587900ca5aaf937

aojea on Feb 28, 2022

/sig node /sig network (maybe?)

MadhavJivrajani on Feb 22, 2022