Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to disable hairpinMode with Kind? #3118

Closed
kevin85421 opened this issue Mar 8, 2023 · 4 comments
Closed

How to disable hairpinMode with Kind? #3118

kevin85421 opened this issue Mar 8, 2023 · 4 comments
Labels
kind/support Categorizes issue or PR as a support question.

Comments

@kevin85421
Copy link
Contributor

I am trying to disable hairpinMode with Kind. However, it does not work.

Reproduce

kind-config.yaml 
# kind-config.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  kubeadmConfigPatches:
  - |
    apiVersion: kubelet.config.k8s.io/v1beta1
    kind: KubeletConfiguration
    hairpinMode: "none"
example.yaml 
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    name: nginx
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: http
  selector:
    instance: nginx
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      instance: nginx
  template:
    metadata:
      labels:
        name: nginx
        instance: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:alpine
        ports:
        - containerPort: 80
          name: http

# Step 1: Create a cluster
kind create cluster --image=kindest/node:v1.23.0 --config kind-config.yaml

# Step 2: Log in to the control plane
docker exec -it kind-control-plane bash

# Step 3: Check the configuration
root@kind-control-plane:/# cat /var/lib/kubelet/config.yaml | grep hairpinMode
hairpinMode: none

# Step 4: Create a Nginx deployment and its service
kubectl apply -f example.yaml

# Step 5: The Nginx Pod can access itself via its ClusterIP service.
kubectl exec ${NGINX_POD} -- curl nginx:80 # succeed
kubectl exec ${NGINX_POD} -- curl nginx.default.svc.cluster.local:80 # succeed

In my expectation, both curl commands in Step 5 should fail because I disabled the hairpinMode. Thanks!
@kevin85421 kevin85421 added the kind/support Categorizes issue or PR as a support question. label Mar 8, 2023
@kevin85421 kevin85421 mentioned this issue Mar 8, 2023
Closed
2 tasks
@aojea
Copy link
Contributor

aojea commented Mar 8, 2023
edited
Loading 

# Step 5: The Nginx Pod can access itself via its ClusterIP service.

That behavior is a Kubernetes networking requirement

Step 3: Check the configuration
root@kind-control-plane:/# cat /var/lib/kubelet/config.yaml | grep hairpinMode

IIRC that is a legacy thing from the kubenet times that no longer works, it was deprecated and removed with the dockershim

Maybe others CNI plugins different than kindnet may support this

@aojea aojea closed this as completed Mar 8, 2023
@kevin85421
Copy link
Contributor Author

Thanks @aojea!

@kevin85421
Copy link
Contributor Author

Hi @aojea,

I do not have a lot of context about dockershim. Based on this link, it said that "Kubernetes' built-in dockershim component was removed in release v1.24.". My example uses v1.23.0 which seems not be affected by the deprecation. In addition, I check the document for Kubelet configuration from Kubernetes v1.26, and hairpinMode is still a valid config.

@aojea
Copy link
Contributor

aojea commented Mar 9, 2023
edited
Loading

I do not have a lot of context about dockershim. Based on this link, it said that "Kubernetes' built-in dockershim component was removed in release v1.24.". M

yeah, but kind does not use dockershim :) that config is. no-op

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/support Categorizes issue or PR as a support question.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aojea @kevin85421