If an SCTP LoadBalancer service is deleted and re-created later with the same load balancer IP but different cluster IP, there is an old conntrack entry that causes packets to be still dnatted to the old cluster IP instead of the new one. The iptables rules are correct, it is just the entry in the conntrack table that seems to wreak havoc. If that entry is manually removed, everything starts working.

Version-Release number of selected component (if applicable):

1. Install a LoadBalancer service with an SCTP port

3. Delete everything (in our case, it is done with helm uninstall, but that's not relevant)

5. Re-create the same LoadBalancer service such that it has the same load balancer IP, but let a different cluster IP be chosen at random.

Traffic is dnatted to old cluster IP and does not reach its destination.

Traffic to be dnatted to the right cluster IP and reach its destination

`conntrack -D -r $OLD_CLUSTER_IP` works around the issue.

What this fix does and why is it needed

Currently when we delete a clusterIP service we don't clean up the conntrack entries on the node. This PR adds the logic to do this to target cases where we reuse the same LB or NP service VIPs against different clusterIPs when services get recreated.

Once connection from client to server is established:

    NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
    NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

The fix posted was tested on our QE clusters and we saw that as soon as the stale clusterIP entry goes away, the new conntrack entry gets created and traffic starts passing again.
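As an added example (not code from the bug report or the PR), the shell functions below scan `conntrack -L`-style output for flows whose original destination is the load balancer IP but whose reply-side source is not the service's current cluster IP, and print the `conntrack -D -r` workaround for each stale address. The sample entries, every address and the function names are constructed for illustration.

```bash
# Constructed sample in the style of `conntrack -L -p sctp`; addresses are made up.
# Flow 1: LB IP 192.0.2.50 still mapped to an old cluster IP (172.30.10.20).
# Flow 2: LB IP 192.0.2.50 mapped to the current cluster IP (172.30.99.5).
# Flow 3: an unrelated service on a different LB IP.
SAMPLE='sctp 132 431990 ESTABLISHED src=10.128.2.7 dst=192.0.2.50 sport=41000 dport=38412 src=172.30.10.20 dst=10.128.2.7 sport=38412 dport=41000 [ASSURED] mark=0 use=1
sctp 132 431995 ESTABLISHED src=10.128.2.9 dst=192.0.2.50 sport=41002 dport=38412 src=172.30.99.5 dst=10.128.2.9 sport=38412 dport=41002 [ASSURED] mark=0 use=1
sctp 132 200 ESTABLISHED src=10.128.2.7 dst=192.0.2.77 sport=41004 dport=9000 src=172.30.44.8 dst=10.128.2.7 sport=9000 dport=41004 [ASSURED] mark=0 use=1'

# stale_reply_srcs LB_IP CURRENT_CLUSTER_IP
# Reads conntrack entries on stdin. For flows whose original-direction
# destination is LB_IP, prints each distinct reply-direction source address
# (the DNAT target) that differs from CURRENT_CLUSTER_IP.
stale_reply_srcs() {
  awk -v vip="$1" -v cur="$2" '
    {
      n = 0; odst = ""; rsrc = ""
      for (i = 1; i <= NF; i++) {
        # First src=/dst= pair is the original tuple, second is the reply tuple.
        if ($i ~ /^src=/) { n++; if (n == 2) rsrc = substr($i, 5) }
        else if ($i ~ /^dst=/ && n == 1 && odst == "") odst = substr($i, 5)
      }
      if (odst == vip && rsrc != "" && rsrc != cur && !(rsrc in seen)) {
        seen[rsrc] = 1
        print rsrc
      }
    }'
}

# cleanup_commands LB_IP CURRENT_CLUSTER_IP
# Prints (does not run) the workaround command for each stale address.
cleanup_commands() {
  stale_reply_srcs "$1" "$2" | while read -r ip; do
    printf 'conntrack -D -r %s\n' "$ip"
  done
}

printf '%s\n' "$SAMPLE" | cleanup_commands 192.0.2.50 172.30.99.5
```

On a node, the same functions can read live data from `conntrack -L -p sctp` instead of the sample; the commands are only printed so they can be reviewed before anything is deleted.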