kubelet and etcd occasionally listen on the instance's public IP

Occasionally, `coreos-metadata` sets the value of `COREOS_OPENSTACK_IPV4_LOCAL` to the instance's **public** IP, probably due to a race.

This breaks commands like `kubectl logs` or `kubectl exec` (respectively the containerLogs and exec APIs) and exposes both `kubelet` and `etcd` publicly.

```sh
# /run/metadata/coreos
COREOS_OPENSTACK_INSTANCE_ID=i-00123456                                  
COREOS_OPENSTACK_HOSTNAME=kovhtestnode01                         
COREOS_OPENSTACK_IPV4_LOCAL=203.0.113.1                                                             
COREOS_OPENSTACK_IPV4_PUBLIC=
```

```console
$ sudo ss -tlpn
...
LISTEN     0      128       203.0.113.1:10250   *:*   users:(("kubelet",pid=819,fd=19))
LISTEN     0      128       127.0.0.1:2379      *:*   users:(("etcd",pid=877,fd=8))
LISTEN     0      128       203.0.113.1:2379    *:*   users:(("etcd",pid=877,fd=7))
```

Temporary fix: reboot the nodes.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

kubelet and etcd occasionally listen on the instance's public IP #8

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

kubelet and etcd occasionally listen on the instance's public IP #8

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions