Make the kubelet hostPort feature usable by default #3056

Open
matrohon opened this issue Aug 8, 2018 · 12 comments
Labels
area/cni CNI support help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/backlog Higher priority than priority/awaiting-more-evidence.

Comments

@matrohon

matrohon commented Aug 8, 2018

Is this a BUG REPORT or FEATURE REQUEST? (choose one): FEATURE REQUEST

Please provide the following details:

Environment: Debian stretch

Minikube version (use minikube version): v0.28.0

  • OS (e.g. from /etc/os-release): Debian GNU/Linux 9 (stretch)
  • VM Driver (e.g. cat ~/.minikube/machines/minikube/config.json | grep DriverName): kvm2
  • ISO version (e.g. cat ~/.minikube/machines/minikube/config.json | grep -i ISO or minikube ssh cat /etc/VERSION):
  • Install tools: v0.28.0
  • Others:

What happened:
I'm enabling cni plugins for minikube by using the following command:
minikube start --vm-driver kvm2 --network-plugin=cni --extra-config=kubelet.network-plugin=cni --extra-config=kubelet.cni-conf-dir=/etc/cni/net.d --extra-config=kubelet.cni-bin-dir=/opt/cni/bin

I then want to use a pod with a hostPort, to access the pod easily from inside and outside the minikube VM.
Unfortunately, the default cni conf file doesn't enable the "portmap" cni plugin, which enables the hostport feature.
So by default, when using cni plugins, a pod can't be accessed through a hostPort, even if it is configured.

What you expected to happen: I expect the hostPort feature to work by default.

Anything else do we need to know:

Since the portmap cni plugin is available in the minikube VM, at /opt/cni/bin, having the hostport feature enabled by default is just a matter of the cni configuration file.

I removed the default /etc/cni/net.d/k8s.conf and added the file /etc/cni/net.d/10-k8s-portmap.conflist with the following content:

{
    "cniVersion": "0.3.1",
    "name": "rkt.kubernetes.io",
    "plugins": [
        {
            "type": "bridge",
            "bridge": "mybridge",
            "mtu": 1460,
            "addIf": "true",
            "isGateway": true,
            "ipMasq": true,
            "ipam": {
                "type": "host-local",
                "subnet": "10.1.0.0/16",
                "gateway": "10.1.0.1",
                "routes": [
                    {
                        "dst": "0.0.0.0/0"
                    }
                ]
            }
        },
        {
            "type": "portmap",
            "capabilities": {"portMappings": true},
            "externalSetMarkChain": "KUBE-MARK-MASQ"
        }
    ]
}

After restarting kubelet, a pod with hostPort enabled is accessible through minikube_ip:hostport, as expected.
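
A check for the situation described in the post above, as an added example that is not part of the original issue or of minikube's code. It assumes kubelet loads the lexically first valid file in the CNI conf dir (a `.conflist` as a plugin chain, any other file as a single plugin) and reports whether that file enables portmap with the portMappings capability. The file contents are constructed samples, and `selected_config` and `hostport_enabled` are hypothetical helper names.

```python
import json

CNI_EXTS = (".conf", ".conflist", ".json")

# Constructed samples: a bridge-only single-plugin file, and a trimmed
# version of the chained config from the post.
BRIDGE_ONLY = '{"cniVersion": "0.3.1", "name": "k8s", "type": "bridge"}'
WITH_PORTMAP = json.dumps({
    "cniVersion": "0.3.1",
    "name": "rkt.kubernetes.io",
    "plugins": [
        {"type": "bridge", "bridge": "mybridge", "isGateway": True},
        {"type": "portmap", "capabilities": {"portMappings": True}},
    ],
})

def selected_config(files):
    """files maps file name -> text. Return (name, plugins) for the first
    usable config in lexical order (assumed kubelet selection rule)."""
    for name in sorted(files):
        if not name.endswith(CNI_EXTS):
            continue
        try:
            doc = json.loads(files[name])
        except ValueError:
            continue  # unparsable files are skipped, not fatal
        if not isinstance(doc, dict):
            continue
        # A .conflist carries a chain; anything else is one plugin.
        plugins = doc.get("plugins") or [] if name.endswith(".conflist") else [doc]
        if plugins:
            return name, plugins
    return None, []

def hostport_enabled(files):
    """Return (selected file, True if hostPort mappings will be applied)."""
    name, plugins = selected_config(files)
    ok = any(
        p.get("type") == "portmap"
        and p.get("capabilities", {}).get("portMappings") is True
        for p in plugins
    )
    return name, ok

if __name__ == "__main__":
    # The chain exists but sorts after the default file, so it is never loaded.
    print(hostport_enabled({"k8s.conf": BRIDGE_ONLY, "z-portmap.conflist": WITH_PORTMAP}))
    print(hostport_enabled({"10-k8s-portmap.conflist": WITH_PORTMAP}))
```

To run it against a real node, build `files` from the contents of the conf dir passed to kubelet (`/etc/cni/net.d` in the command above).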

@tstromberg tstromberg changed the title Enable hostPort with default cni plugins Support using the hostPort kubelet feature with default cni plugins Sep 18, 2018
@tstromberg tstromberg added os/linux area/networking networking issues co/kubelet Kubelet config issues co/kvm2-driver KVM2 driver related issues labels Sep 18, 2018
@tstromberg tstromberg changed the title Support using the hostPort kubelet feature with default cni plugins Make the kubelet hostPort feature usable by default Sep 18, 2018
@tstromberg tstromberg added the kind/feature Categorizes issue or PR as related to a new feature. label Sep 18, 2018
@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 17, 2018
@fejta-bot

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jan 16, 2019
@tstromberg tstromberg added priority/awaiting-more-evidence Lowest priority. Possibly useful, but not yet enough support to actually get it done. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. and removed co/kvm2-driver KVM2 driver related issues lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. os/linux labels Jan 23, 2019
@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 29, 2019
@GrigorievNick

GrigorievNick commented May 13, 2019

I use the latest minikube version: v1.0.1, with k8s 1.3.5
minikube start --vm-driver=kvm2 --network-plugin cni --kubernetes-version v1.13.5 .
I have the same issue. I'm a developer, not devops; I enabled the cni plugin just to test how NetworkPolicy works.
And I wasted 10 hours before I understood why my Kafka external access stopped working.
It is very confusing that if you enable 'cni', some features stop working.

@tstromberg tstromberg added r/2019q2 Issue was last reviewed 2019q2 and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels May 22, 2019
@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 20, 2019
@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Sep 19, 2019
@tstromberg tstromberg added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/awaiting-more-evidence Lowest priority. Possibly useful, but not yet enough support to actually get it done. labels Sep 20, 2019
@tstromberg tstromberg added priority/backlog Higher priority than priority/awaiting-more-evidence. and removed r/2019q2 Issue was last reviewed 2019q2 labels Sep 20, 2019
@tstromberg
Contributor

I believe this is still likely an issue - so PR's welcome. I don't know much about CNI, but this is where the file is apparently generated:

@tstromberg tstromberg added area/cni CNI support and removed area/networking networking issues co/kubelet Kubelet config issues labels Sep 20, 2019
@woodcockjosh
Contributor

/assign

@woodcockjosh
Contributor

woodcockjosh commented Sep 23, 2019

@tstromberg before I go too deep perhaps someone can explain why the hostPort feature appears to work for the ingress plugin but not for any other pods? Some type of special nginx witchcraft?

@medyagh
Member

medyagh commented Dec 16, 2019

@woodcockjosh do you we still consider this ?

@medyagh
Member

medyagh commented May 20, 2020

@woodcockjosh are you still interested in doing this task ?

@medyagh
Member

medyagh commented May 20, 2020

this issue is free for anyone who is interested to pick it up
