Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Services having the same "allow-shared-ip" value are not updated when one of them is updated #2403

Open
AlexeyKasatkin opened this issue May 17, 2024 · 3 comments
Open

Services having the same "allow-shared-ip" value are not updated when one of them is updated #2403

AlexeyKasatkin opened this issue May 17, 2024 · 3 comments
Assignees
@liornoy
Labels
bug

Comments

@AlexeyKasatkin
Copy link

AlexeyKasatkin commented May 17, 2024
edited

MetalLB Version

0.14.5

Deployment method

Charts

Main CNI

Calico v3.27.0

Kubernetes Version

v1.27.10

Cluster Distribution

No response

Describe the bug

There are two services that share the same IP address and have the same externalTrafficPolicy value:

---
apiVersion: v1
kind: Service
metadata:
  annotations:
    metallb.universe.tf/allow-shared-ip: foo
  name: test-udp-svc
  namespace: test
spec:
  allocateLoadBalancerNodePorts: true
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  loadBalancerIP: 1.2.3.4
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: pdns-udp
    port: 53
    protocol: UDP
    targetPort: 53
  selector:
    application: someapp
    component: somecomponent
  sessionAffinity: None
  type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    metallb.universe.tf/allow-shared-ip: foo
  name: test-tcp-svc
  namespace: test
spec:
  allocateLoadBalancerNodePorts: true
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  loadBalancerIP: 1.2.3.4
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: pdns-tcp
    port: 53
    protocol: TCP
    targetPort: 53
  selector:
    application: someapp
    component: somecomponent
  sessionAffinity: None
  type: LoadBalancer

The services have the external IP address assigned and are accessible.
Change externalTrafficPolicy value for both services from Cluster to Local.
In result, the 1st service that has been changed, remains having no external IP assigned.
Though, the service that was changed later, have the external IP assigned as expected.

test-tcp-svc                 LoadBalancer   10.233.62.135   1.2.3.4        53:32123/TCP                                                        13m
test-udp-svc                 LoadBalancer   10.233.54.13    <pending>      53:31244/UDP                                                        14m

From test-udp-svc events:

  Normal   IPAllocated       75s                metallb-controller  Assigned IP ["1.2.3.4"]
  Normal   nodeAssigned      75s                metallb-speaker     announcing from node "b1d3ffd6-7cc6-4588-9558-2bb702c8c417" with protocol "layer2"
  Normal   nodeAssigned      20s                metallb-speaker     announcing from node "0d7553b9-9d07-40fa-b9dc-74b6ba437cdb" with protocol "layer2"
  Normal   ClearAssignment   20s                metallb-controller  current IP for "test/test-udp-svc" not allowed by config, will attempt for new IP assignment: can't change sharing key for "test/test-udp-svc", address also in use by test/test-tcp-svc
  Warning  AllocationFailed  20s (x3 over 20s)  metallb-controller  Failed to allocate IP for "test/test-udp-svc": can't change sharing key for "test/test-udp-svc", address also in use by test/test-tcp-svc

Though, external IP address is allocated to test-udp-svc after its "reconcile".

To Reproduce

  1. Create two services that share the same IP address and have the same externalTrafficPolicy value (as per Description).
  2. Check that the services have their external IPs allocated:
$ kubectl -n test get svc |grep test
test-tcp-svc                 LoadBalancer   10.233.62.135   1.2.3.4        53:32123/TCP                                                        11m
test-udp-svc                 LoadBalancer   10.233.54.13    1.2.3.4        53:31244/UDP                                                        11m
  1. Change externalTrafficPolicy value for both services from Cluster to Local. For example:
kubectl -n test patch svc test-udp-svc -p '{"spec":{"externalTrafficPolicy":"Local"}}'
kubectl -n test patch svc test-tcp-svc -p '{"spec":{"externalTrafficPolicy":"Local"}}'
  1. Check the services once again:
$ kubectl -n test get svc |grep test
test-tcp-svc                 LoadBalancer   10.233.62.135   1.2.3.4        53:32123/TCP                                                        13m
test-udp-svc                 LoadBalancer   10.233.54.13    <pending>      53:31244/UDP                                                        14m

Expected Behavior

All services have external IPs allocated when their configuration became consistent.

Additional Context

W/A: modify the service with "pending" external IP to get it allocated. For example, add a dummy label:

kubectl label -n test svc test-udp-svc reconcile=1
@fedepaol
Copy link
Member

Thanks for the report (and the reproducer!). We'll look into this.

@liornoy
Copy link
Contributor

liornoy commented May 20, 2024

I would like to help looking into this

@oribon
Copy link
Member

oribon commented May 20, 2024

thanks! assigned it to you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@liornoy liornoy

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@fedepaol @AlexeyKasatkin @liornoy @oribon