Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

metallb controller fails to allocate IP address to dual stack services (PreferDualStack) if only IPv4 is available #2482

Open
8 tasks done
abhishekjain1982 opened this issue Aug 6, 2024 · 3 comments · May be fixed by #2540
Open
8 tasks done

metallb controller fails to allocate IP address to dual stack services (PreferDualStack) if only IPv4 is available #2482

abhishekjain1982 opened this issue Aug 6, 2024 · 3 comments · May be fixed by #2540
Assignees
@mquhuy
Labels
enhancement help wanted

Comments

@abhishekjain1982
Copy link

MetalLB Version

0.14.5

Deployment method

Charts

Main CNI

calico

Kubernetes Version

No response

Cluster Distribution

No response

Describe the bug

Related issue: #1339

here is the service:

apiVersion: v1
kind: Service
metadata:
name: nginx-ingress
namespace: nginx-ingress
spec:
allocateLoadBalancerNodePorts: true
clusterIP: 10.0.0.79
clusterIPs:

  • 10.0.0.79
  • fd00::d899
    externalTrafficPolicy: Local
    healthCheckNodePort: 30272
    internalTrafficPolicy: Cluster
    ipFamilies:
  • IPv4
  • IPv6
    ipFamilyPolicy: PreferDualStack
    ports:
  • name: http
    nodePort: 30122
    port: 80
    protocol: TCP
    targetPort: http
  • name: https
    nodePort: 32678
    port: 443
    protocol: TCP
    targetPort: https
    selector:
    app.kubernetes.io/instance: nginx-ingress
    app.kubernetes.io/name: nginx-ingress
    sessionAffinity: None
    type: LoadBalancer
    status:
    loadBalancer: {}
    Because the service is dual stack, but metallb has no IPv6 configured in any pool, the controller fails to allocate an IPv6 address and stops there.

To Reproduce

Steps:

  1. Create IPaddresspool pool1 only for IPv4 family.
  2. In case service created with addresspool annotation as pool1. and ipFamilyPolicy is 'PreferDualStack'.
  3. Expected is the service get IP address assigned from ipv4 family only. But actually service stuck in pending state for LBIP.
  4. The same behavior can be seen without addresspool annotation if all pools are only IPv4 family.

Expected Behavior

As mentioned above

Additional Context

If there is only single IP family is available in metallb ipaddresspool (no IPv6 address defined) :

  1. In case of preferDualstack metallb controller should allocate that IP
  2. In case of RequireDualStack it should not allocate any IP and status will be in pending state.

Currently with respect to metallb controller there is no difference between RequireDualStack and preferDualstack and both are treated as mentioned above as 'RequireDualStack'.

I've read and agree with the following

  • I've checked all open and closed issues and my request is not there.
  • I've checked all open and closed pull requests and my request is not there.

I've read and agree with the following

  • I've checked all open and closed issues and my issue is not there.
  • This bug is reproducible when deploying MetalLB from the main branch
  • I have read the troubleshooting guide and I am still not able to make it work
  • I checked the logs and MetalLB is not discarding the configuration as not valid
  • I enabled the debug logs, collected the information required from the cluster using the collect script and will attach them to the issue
  • I will provide the definition of my service and the related endpoint slices and attach them to this issue
@fedepaol
Copy link
Member

Related slack thread: https://kubernetes.slack.com/archives/C8FSTGU56/p1724739250769909

@fedepaol fedepaol added enhancement and removed bug labels Sep 3, 2024
@fedepaol
Copy link
Member

fedepaol commented Sep 3, 2024

This sounds doable, but we need to be careful in considering the complexity and the logic.

In case of a dual stack service, what metallb should do is:

  • look for dual stack pools
  • If not available, look for single stack pools for the primary family
  • If not available, look for single stack pools for the secondary family

With the premise that a lot of our logic is tied to the pool the IP comes from, we want to keep the same pool for both addresses.
At that point, we need to choose what to do if:

  • a new pool that would provide both addresses is available (I'd say don't change the service)
  • the current pool is extended with the missing family (maybe we can then provide the service with the missing one)

This, to be done also when the controller restarts.

Said that, I currently don't have the bandwith to work on this but I am open to review if somebody wants to take it.

@mquhuy
Copy link
Contributor

mquhuy commented Sep 5, 2024

/assign

@mquhuy mquhuy linked a pull request Sep 19, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mquhuy mquhuy

Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

🌱 Add PreferDualStack IP family and related tests Nordix/metallb
3 participants
@fedepaol @mquhuy @abhishekjain1982