Service for LoadBalancer seems to not use externalIps properly - using deprecated / removed loadBalancerIP setting #215

Open
EugenMayer opened this issue Oct 28, 2024 · 4 comments

Comments

@EugenMayer
Contributor

EugenMayer commented Oct 28, 2024

Could be related to the CNI used (in my case it is Calico).

deploying via

service:
  type: LoadBalancer
  loadBalancerIP: ${externalIp}
  ipFamilyPolicy: SingleStack

will never actually bind the load-balancer, it will stay pending. AFAICS you are not using externalIPs at all, which makes the difference here.

When I deploy the same service using Terraform

resource "kubernetes_service" "externalLdapAccess" {
  metadata {
    name      = "kw-auth-openldap"
    namespace = module.hardened_namespace.namespace.id
  }

  spec {
    type = "LoadBalancer"
    selector = {
      "app.kubernetes.io/component": "openldap"
      "release" : "openldap"
    }
    port {
      port        = var.ldap_port
      name        = "ldap"
      protocol    = "TCP"
      target_port = 1389
    }
    port {
      port        = var.ldaps_port
      name        = "ldap-ssl"
      protocol    = "TCP"
      target_port = 1636
    }
    external_ips = [var.external_ip]
  }

  wait_for_load_balancer = false
}

the service binds instantly.

You are using loadBalancerIP, which has been deprecated and no longer works with my k8s version (1.30). We should start using https://kubernetes.io/docs/concepts/services-networking/service/#external-ips which is the replacement.

loadBalancerIP is no longer part of the spec https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec

@jp-gouin
Owner

What provider are you using for your LoadBalancer?

It's not provided by default in Kubernetes and you need a component that will allocate a load balancer and provide/attach an IP to your service.

@EugenMayer
Contributor Author

I'm not sure in which direction you are arguing? This flag has been deprecated AFAICS 1.21 and has a replacement, externalIPs - it has nothing to do with my CNI (Calico) or Ingress (nginx).

@jp-gouin
Owner

Yes, the field needs to be updated to reflect the newest spec of Kubernetes. But this field is also optional, so I wanted to understand why your service of type LB stays pending.

@EugenMayer
Contributor Author

That I'm not fully able to explain. Since it is not ClusterIP, and we expose a port, I assume it is not possible to understand what IP to bind to. I think this is part of the spec, if found that.

Probably this is related to us driving a multi-eth setup on our k8s, which means the decision cannot be made for sure which one to use, thus it does not make any?
