Why does kube-proxy add the external LB's address to the node-local iptables rules? #66607

@BSWANG

/kind friction

What happened:
I have a LoadBalancer-type service A with address 1.1.1.1. The external load balancer of service A is a TLS decoder; it converts HTTPS requests to the HTTP hostport and endpoint. But since kube-proxy adds the external LB's address to the local iptables rules, requests to https://1.1.1.1 are hijacked to the local HTTP endpoints, and the HTTPS request then fails.

What you expected to happen:
Kube-proxy doesn't add the external LB's address to the local iptables rules, and the request goes through the external LB.

Environment:

  • Kubernetes version (use kubectl version):
    1.10.4
  • Cloud provider or hardware configuration:
    Alibaba Cloud
  • OS (e.g. from /etc/os-release):
    CentOS 7.4
  • Kernel (e.g. uname -a):
    3.10.0-693
  • Install tools:
    kubeadm
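
A node-side check for the behaviour reported above, as an added example that is not part of the original issue or of kube-proxy's code: it scans `iptables-save -t nat` output for rules in the `KUBE-SERVICES` chain whose destination match covers the load balancer address. The sample dump is constructed, and its rule layout and chain suffixes are assumptions.

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save -t nat` output from a node. The rule
# layout and chain suffixes are assumptions for illustration only.
SAMPLE = """\
*nat
:KUBE-SERVICES - [0:0]
-A KUBE-SERVICES -d 10.96.12.34/32 -p tcp -m comment --comment "default/a:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-EXAMPLEA0000000
-A KUBE-SERVICES -d 1.1.1.1/32 -p tcp -m comment --comment "default/a:https loadbalancer IP" -m tcp --dport 443 -j KUBE-FW-EXAMPLEA0000000
COMMIT
"""


def local_intercepts(dump, lb_ip, chain="KUBE-SERVICES"):
    """Return the rules in `chain` whose destination match covers lb_ip."""
    target = ipaddress.ip_address(lb_ip)
    hits = []
    for line in dump.splitlines():
        if not line.startswith("-A "):
            continue  # table headers, chain declarations, COMMIT
        tok = shlex.split(line)  # keeps the quoted --comment as one token
        if tok[1] != chain or "-d" not in tok:
            continue
        i = tok.index("-d")
        if tok[i - 1] == "!":
            continue  # a negated destination match does not select lb_ip
        if target not in ipaddress.ip_network(tok[i + 1], strict=False):
            continue

        def value(flag):
            return tok[tok.index(flag) + 1] if flag in tok else None

        hits.append({
            "dest": tok[i + 1],
            "proto": value("-p"),
            "dport": value("--dport"),
            "jump": value("-j"),
            "comment": value("--comment"),
        })
    return hits


if __name__ == "__main__":
    for rule in local_intercepts(SAMPLE, "1.1.1.1"):
        print("node-local rule handles", rule["dest"], "port", rule["dport"], "->", rule["jump"])
```

On a node, pass the text of `iptables-save -t nat` in place of `SAMPLE`.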

Labels

  • kind/bug: Categorizes issue or PR as related to a bug.
  • kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
  • kind/feature: Categorizes issue or PR as related to a new feature.
  • needs-triage: Indicates an issue or PR lacks a `triage/foo` label and requires one.
  • sig/network: Categorizes an issue or PR as relevant to SIG Network.