using --iface not change vxlan listen address #2113

Open
mcarbonneaux opened this issue Nov 18, 2024 · 3 comments

@mcarbonneaux

Your Environment

  • Flannel version: the latest
  • Backend used (e.g. vxlan or udp): vxlan
  • Etcd version: not relevant (the etcd included with Kubernetes 1.30.6)
  • Kubernetes version (if used): Kubernetes 1.30.6
  • Operating System and version: Ubuntu 24.04

Context

I'm on a single-node Kubernetes server based on k3s (I've disabled the integrated flannel to use the latest version from this repository, because the integrated version has the same problem).

I'm trying to force the vxlan UDP listener onto a specific interface (not the public one), to avoid exposing the vxlan endpoint on my public interface.
My server has only one interface, with a public IP. First I tried to use loopback, but many parts of Kubernetes don't want to start correctly...
To avoid that, I created a dummy interface named kubelet0 with the private IP 192.168.0.1.
With that dummy interface I can force all parts of Kubernetes to listen on that IP (all works fine), but not the vxlan part of flannel...

# netstat -lnput | grep 8472
udp        0      0 0.0.0.0:8472            0.0.0.0:*                           -

I've tried to force the interface with --iface, but flanneld continues to listen on any interface (0.0.0.0).

Current Behavior and Steps to Reproduce (for bugs)

I've added --iface <myifacename> to /opt/bin/flanneld.

I see in the pod log that flanneld uses the right IP of my iface (a dummy interface kubelet0 configured with the IP 192.168.0.1) but continues to listen on any address (0.0.0.0):

kube-flannel I1118 12:27:43.378063       1 match.go:264] Using interface with name kubelet0 and address 192.168.0.1                                                                             
kube-flannel I1118 12:27:43.378100       1 match.go:286] Defaulting external address to interface address (192.168.0.1)  

Expected Behavior

vxlan listens on the 192.168.0.1 interface, like this:

# netstat -lnput | grep 8472
udp        0      0 192.168.0.1:8472            0.0.0.0:*                           -
@zhangguanzhang
Contributor

kubectl get node -o yaml | grep public-

@mcarbonneaux
Author

# kubectl get node -o yaml | grep public-
      flannel.alpha.coreos.com/public-ip: <my public ip>

@mcarbonneaux
Author

k3s-io/k3s#4626

Is there any option to secure flannel by default?
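
A check for the behavior reported in this issue, as an added example that is not part of the thread or the flannel project: it reads `netstat -lnu`-style output on stdin and flags a wildcard bind on UDP 8472. The function name `vxlan_listener_check`, its exit codes and the two sample helpers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not flannel code): classify UDP listeners on the VXLAN port.
# Input: `netstat -lnu` or `netstat -lnput` output on stdin.
# Exit status: 0 = bound only to the expected address,
#              1 = wildcard or unexpected address found,
#              2 = no listener on that port.
vxlan_listener_check() {
    expected_ip=$1
    port=${2:-8472}                 # 8472 is the port shown in the issue
    awk -v want="$expected_ip" -v port="$port" '
        $1 ~ /^udp/ {
            laddr = $4                          # "Local Address" column
            n = match(laddr, /:[0-9]+$/)        # last ":" separates the port
            if (!n) next
            addr = substr(laddr, 1, n - 1)
            if (substr(laddr, n + 1) != port) next
            found = 1
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") {
                printf "WILDCARD %s\n", laddr; bad = 1
            } else if (addr == want) {
                printf "OK %s\n", laddr
            } else {
                printf "UNEXPECTED %s\n", laddr; bad = 1
            }
        }
        END { if (!found) exit 2; exit (bad ? 1 : 0) }
    '
}

# Listener line as reported in the issue, plus one constructed unrelated line.
sample_observed() {
    printf '%s\n' \
        'udp        0      0 0.0.0.0:8472            0.0.0.0:*                           -' \
        'udp        0      0 127.0.0.53:53           0.0.0.0:*                           -'
}

# Listener line the reporter expected to see.
sample_expected() {
    printf '%s\n' \
        'udp        0      0 192.168.0.1:8472            0.0.0.0:*                           -'
}

# Demo on the samples; on a live node: netstat -lnu | vxlan_listener_check 192.168.0.1
sample_observed | vxlan_listener_check 192.168.0.1 || echo "exit status $?"
sample_expected | vxlan_listener_check 192.168.0.1 || echo "exit status $?"
```

The nonzero exit status on a wildcard bind lets the check run from a node health probe or a CI step.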
