Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

analyzer: make sure there's a valid interface that kubernetes can use #1536

Open
adamancini opened this issue Apr 29, 2024 · 5 comments
Open

analyzer: make sure there's a valid interface that kubernetes can use #1536

adamancini opened this issue Apr 29, 2024 · 5 comments

Comments

@adamancini
Copy link
Member

adamancini commented Apr 29, 2024
edited
Loading

Describe the rationale for the suggested feature.

An end user may try to implement airgapping by removing the primary interface of the host or by removing routes from the routing table - this may break CNI if there is no interface to use to build a bridge for flannel.

Describe the feature

Detect if there is a valid interface that kubeadm init can use for building CNI.

Describe alternatives you've considered

something along the lines of what happens during kubeadm init phase preflight which can generate errors like from this interface list:

default via 169.254.1.1 dev idrac proto static metric 100
169.254.1.0/24 dev idrac proto kernel scope link src 169.254.1.2 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

This token will expire in 24 hours
cannot use "169.254.1.2" as the bind address for the API Server
To see the stack trace of this error execute with --v=5 or higher
Retry 1/3 exited 1, retrying in 1 seconds...
...
cannot use "169.254.1.2" as the bind address for the API Server
To see the stack trace of this error execute with --v=5 or higher
Retry 2/3 exited 1, retrying in 2 seconds...
...
cannot use "169.254.1.2" as the bind address for the API Server
To see the stack trace of this error execute with --v=5 or higher
Retry 3/3 exited 1, no more retries left.
@diamonwiggins
Copy link
Member

diamonwiggins commented May 6, 2024
edited
Loading

Per https://kubernetes.io/docs/concepts/services-networking/service/#custom-endpointslices we should consider interfaces in both loopback and link local ranges to not be valid for install.

Also, this is relevant for kubernetes in general not just for kubeadm based installs. I've updated the title to that effect.

@diamonwiggins diamonwiggins changed the title analyzer: make sure there's a valid interface that kubeadm can use analyzer: make sure there's a valid interface that kubernetes can use May 6, 2024
@adamancini
Copy link
Member Author

@diamonwiggins thanks for tracking that down

@chris-sanders
Copy link
Member

If we improve this we should be sure to update the Embedded Cluster spec when it's available: Ref https://github.com/replicatedhq/embedded-cluster/pull/579/files

@adamancini
Copy link
Member Author

projectcalico/calico#8481

@adamancini
Copy link
Member Author

kubernetes/kubernetes#123120

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@adamancini @chris-sanders @diamonwiggins