Suddenly pods not able to communicate #1602

Open
Seji64 opened this issue Jan 17, 2025 · 1 comment

Seji64 commented Jan 17, 2025

Version: 0.6.0

Describe the bug
Suddenly pods are not able to communicate with non-cluster / external services. As soon as I remove the egress policy, the communication works as usual.

How To Reproduce
Apply egress policy to a pod:

apiVersion: egressgateway.spidernet.io/v1beta1
kind: EgressPolicy
metadata:
 name: fortisync
 namespace: fortisync
spec:
 egressGatewayName: egress-pool-fortisync
 egressIP:
   ipv4: 10.195.30.20
 appliedTo:
  podSelector:
   matchLabels:
    app.kubernetes.io/instance: "fortisync"

Expected behavior
The pod should be able to communicate

Screenshots and log

root@fortisync-76ff5fb4cd-prwd9:/app# curl --connect-timeout 10 -4 -v https://google.com
*   Trying 142.250.185.78:443...
* ipv4 connect timeout after 9997ms, move on!
* Failed to connect to google.com port 443 after 10001 ms: Timeout was reached
* Closing connection 0
curl: (28) Failed to connect to google.com port 443 after 10001 ms: Timeout was reached
root@fortisync-76ff5fb4cd-prwd9:/app#

Additional context
values.yaml:

  global:
    clusterDnsDomain: "alchemor.k8s.k-ops.local"
  feature:
    tunnelIpv4Subnet: "172.31.0.0/16"
    tunnelDetectMethod: "defaultRouteInterface"
    gatewayFailover:
      enable: true
    clusterCIDR:
      extraCidr:
        - 10.244.0.0/16
        - 10.96.0.0/12
  agent:
    nodeSelector:
      nodeRole: worker
    prometheus:
      enabled: true
      serviceMonitor:
        install: true
      prometheusRule:
        install: true
  controller:
    replicas: 2
    nodeSelector:
      nodeRole: controlplane
    prometheus:
      enabled: true
      serviceMonitor:
        install: true
      prometheusRule:
        install: true

egress pools:

apiVersion: egressgateway.spidernet.io/v1beta1
kind: EgressGateway
metadata:
  name: egress-pool-fortisync
spec:
  ippools:
    ipv4:
    - "10.195.30.20"
  nodeSelector:
    selector:
      matchLabels:
        egressgateway: "true"
---


apiVersion: egressgateway.spidernet.io/v1beta1
kind: EgressGateway
metadata:
  name: egress-pool-monitoring
spec:
  ippools:
    ipv4:
    - "10.195.30.21-10.195.30.23"
  nodeSelector:
    selector:
      matchLabels:
        egressgateway: "true"

kubectl get egresspolicy fortisync -n fortisync -o yaml
kubectl get egressgateway egress-pool-fortisync -o yaml
kubectl get node -o wide --show-labels
kubectl get pods -o wide -n fortisync | grep fortisync-76ff5fb4cd-prwd9

apiVersion: egressgateway.spidernet.io/v1beta1
kind: EgressPolicy
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"egressgateway.spidernet.io/v1beta1","kind":"EgressPolicy","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"fortisync-collection"},"name":"fortisync","namespace":"fortisync"},"spec":{"appliedTo":{"podSelector":{"matchLabels":{"app.kubernetes.io/instance":"fortisync"}}},"egressGatewayName":"egress-pool-fortisync","egressIP":{"ipv4":"10.195.30.20"}}}
  creationTimestamp: "2025-01-17T07:54:02Z"
  generation: 1
  labels:
    app.kubernetes.io/instance: fortisync-collection
  name: fortisync
  namespace: fortisync
  resourceVersion: "19154365"
  uid: e617c7af-e999-4a65-9fc4-2a4c58c5a673
spec:
  appliedTo:
    podSelector:
      matchLabels:
        app.kubernetes.io/instance: fortisync
  egressGatewayName: egress-pool-fortisync
  egressIP:
    allocatorPolicy: default
    ipv4: 10.195.30.20
    useNodeIP: false
status:
  eip:
    ipv4: 10.195.30.20
  node: kit-alchemorwp01

apiVersion: egressgateway.spidernet.io/v1beta1
kind: EgressGateway
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"egressgateway.spidernet.io/v1beta1","kind":"EgressGateway","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"egressgateway-collection"},"name":"egress-pool-fortisync"},"spec":{"ippools":{"ipv4":["10.195.30.20"]},"nodeSelector":{"selector":{"matchLabels":{"egressgateway":"true"}}}}}
  creationTimestamp: "2025-01-17T07:53:49Z"
  finalizers:
  - egressgateway.spidernet.io/egressgateway
  generation: 1
  labels:
    app.kubernetes.io/instance: egressgateway-collection
  name: egress-pool-fortisync
  resourceVersion: "19154363"
  uid: d9eace90-e173-4e37-8844-2291510e904b
spec:
  ippools:
    ipv4:
    - 10.195.30.20
    ipv4DefaultEIP: 10.195.30.20
  nodeSelector:
    selector:
      matchLabels:
        egressgateway: "true"
status:
  ipUsage:
    ipv4Free: 0
    ipv4Total: 1
    ipv6Free: 0
    ipv6Total: 0
  nodeList:
  - eips:
    - ipv4: 10.195.30.20
      policies:
      - name: fortisync
        namespace: fortisync
    name: kit-alchemorwp01
    status: Ready
  - name: kit-alchemorwp02
    status: Ready
  - name: kit-alchemorwp03
    status: Ready

NAME               STATUS   ROLES           AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE         KERNEL-VERSION   CONTAINER-RUNTIME    LABELS
kit-alchemorcp01   Ready    control-plane   50d   v1.31.2   10.195.29.11   <none>        Talos (v1.8.3)   6.6.60-talos     containerd://2.0.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=kit-alchemorcp01,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node.kubernetes.io/exclude-from-external-load-balancers=,nodeRole=controlplane
kit-alchemorcp02   Ready    control-plane   50d   v1.31.2   10.195.29.12   <none>        Talos (v1.8.3)   6.6.60-talos     containerd://2.0.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=kit-alchemorcp02,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node.kubernetes.io/exclude-from-external-load-balancers=,nodeRole=controlplane
kit-alchemorcp03   Ready    control-plane   50d   v1.31.2   10.195.29.13   <none>        Talos (v1.8.3)   6.6.60-talos     containerd://2.0.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=kit-alchemorcp03,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node.kubernetes.io/exclude-from-external-load-balancers=,nodeRole=controlplane
kit-alchemorwp01   Ready    <none>          45d   v1.31.2   10.195.29.21   <none>        Talos (v1.8.3)   6.6.60-talos     containerd://2.0.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,egressgateway=true,extensions.talos.dev/iscsi-tools=v0.1.6,extensions.talos.dev/util-linux-tools=2.40.2,kubernetes.io/arch=amd64,kubernetes.io/hostname=kit-alchemorwp01,kubernetes.io/os=linux,nodeRole=worker
kit-alchemorwp02   Ready    <none>          49d   v1.31.2   10.195.29.22   <none>        Talos (v1.8.3)   6.6.60-talos     containerd://2.0.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,egressgateway=true,extensions.talos.dev/iscsi-tools=v0.1.6,extensions.talos.dev/util-linux-tools=2.40.2,kubernetes.io/arch=amd64,kubernetes.io/hostname=kit-alchemorwp02,kubernetes.io/os=linux,nodeRole=worker
kit-alchemorwp03   Ready    <none>          49d   v1.31.2   10.195.29.23   <none>        Talos (v1.8.3)   6.6.60-talos     containerd://2.0.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,egressgateway=true,extensions.talos.dev/iscsi-tools=v0.1.6,extensions.talos.dev/util-linux-tools=2.40.2,kubernetes.io/arch=amd64,kubernetes.io/hostname=kit-alchemorwp03,kubernetes.io/os=linux,nodeRole=worker

fortisync-76ff5fb4cd-prwd9   1/1     Running   0          32m   10.244.9.191   kit-alchemorwp03   <none>           <none>

Collaborator

lou-lan commented Jan 22, 2025

Hi, please try to set https://github.com/spidernet-io/egressgateway/blob/main/charts/values.yaml#L54 to true, and try again.
