kiranchavala opened a new issue, #7917:
URL: https://github.com/apache/cloudstack/issues/7917
ISSUE TYPE
* BUG Report
COMPONENT NAME
Component: Kubernetes
CLOUDSTACK VERSION
Cloudstack version 4.18
SUMMARY
Egress rules present in a network are not getting applied to a Kubernetes
cluster
Steps to reproduce the issue
1. Launch a Kubernetes cluster
2. Connect to the Kubernetes cluster
3. Go to Isolated network > Egress rule tab and allow ALL
<img width="789" alt="Screenshot 2023-08-28 at 4 48 20 PM"
src="https://github.com/apache/cloudstack/assets/1401014/ae70edad-d249-47cc-b269-bcf182e27e61";>
4. Deploy application on the Kubernetes cluster
For example a nginx application
kubectl apply -f nginx.yaml
```
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
selector:
matchLabels:
app: nginx
replicas: 2 # tells deployment to run 2 pods matching the template
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80
```
6. Get a public Ip for the application via this command
kubectl expose deploy/nginx-deployment --port=80 --type=LoadBalancer
Actual Results
The application fails to deploy with the error "Failed to Pull Image"
```
NAMESPACE NAME
READY STATUS RESTARTS AGE
default nginx-deployment-6595874d85-4p22k 0/1
ImagePullBackOff 0 54s
default nginx-deployment-6595874d85-wlwq5 0/1
ImagePullBackOff 0 54s
```
```
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 93s default-scheduler Successfully
assigned default/nginx-deployment-6595874d85-wt6fs to ghj-node-18a3bfa3ee3
Warning Failed 62s kubelet Failed to pull
image "nginx:1.14.2": rpc error: code = Unknown desc = failed to pull and
unpack image "docker.io/library/nginx:1.14.2": failed to resolve reference
"docker.io/library/nginx:1.14.2": failed to do request: Head
"https://registry-1.docker.io/v2/library/nginx/manifests/1.14.2": dial tcp
44.205.64.79:443: i/o timeout
Normal BackOff 61s kubelet Back-off pulling
image "nginx:1.14.2"
Warning Failed 61s kubelet Error:
ImagePullBackOff
Normal Pulling 48s (x2 over 92s) kubelet Pulling image
"nginx:1.14.2"
Warning Failed 2s (x2 over 62s) kubelet Error:
ErrImagePull
Warning Failed 2s kubelet Failed to pull
image "nginx:1.14.2": rpc error: code = Unknown desc = failed to pull and
unpack image "docker.io/library/nginx:1.14.2": failed to resolve reference
"docker.io/library/nginx:1.14.2": failed to do request: Head
"https://registry-1.docker.io/v2/library/nginx/manifests/1.14.2": dial tcp
3.216.34.172:443: i/o timeout
```
Logs, for the failure to acquire a Public IP
```
I0828 11:43:28.584138 1 event.go:278]
Event(v1.ObjectReference{Kind:"Service", Namespace:"default",
Name:"nginx-deployment", UID:"65d909ec-2cd8-4097-9bb7-6f12b5962d2b",
APIVersion:"v1", ResourceVersion:"910", FieldPath:""}): type: 'Normal' reason:
'EnsuringLoadBalancer' Ensuring load balancer
E0828 11:43:35.876153 1 node_controller.go:245] Error getting node
addresses for node "tyu-control-18a3beffe8f": error fetching node by provider
ID: error retrieving node addresses: Get
http://10.0.35.177:8080/client/api?apiKey=7agfDzjXNy3wnbI4M8o3Oz6gEv12w8rmPDW3jjkG0SZOpHjEtsovd4uNw7US6w3kUb62p6F_5Txi37kDRO4qNw&command=listVirtualMachines&id=&response=json&signature=l0PsF46pf1lSvdBd48O%2FjXA4q1k%3D:
dial tcp 10.0.35.177:8080: i/o timeout, and error by node name: error
retrieving node addresses: Get
http://10.0.35.177:8080/client/api?apiKey=7agfDzjXNy3wnbI4M8o3Oz6gEv12w8rmPDW3jjkG0SZOpHjEtsovd4uNw7US6w3kUb62p6F_5Txi37kDRO4qNw&command=listVirtualMachines&name=tyu-control-18a3beffe8f&response=json&signature=9s6%2BHi9oxBFGhJHquIsE2UtWRZw%3D:
dial tcp 10.0.35.177:8080: i/o timeout
E0828 11:43:58.676516 1 controller.go:244] error processing service
default/nginx-deployment (will retry): failed to ensure load balancer: error
retrieving load balancer rules: Get
http://10.0.35.177:8080/client/api?apiKey=7agfDzjXNy3wnbI4M8o3Oz6gEv12w8rmPDW3jjkG0SZOpHjEtsovd4uNw7US6w3kUb62p6F_5Txi37kDRO4qNw&command=listLoadBalancerRules&keyword=a65d909ec2cd840979bb76f12b5962d2&listall=true&response=json&signature=6MeRwi7JABRTHaKS1Xzvv%2BxjUZA%3D:
dial tcp 10.0.35.177:8080: i/o timeout
I0828 11:43:58.676913 1 event.go:278]
Event(v1.ObjectReference{Kind:"Service", Namespace:"default",
Name:"nginx-deployment", UID:"65d909ec-2cd8-4097-9bb7-6f12b5962d2b",
APIVersion:"v1", ResourceVersion:"910", FieldPath:""}): type: 'Warning' reason:
'SyncLoadBalancerFailed' Error syncing load balancer: failed to ensure load
balancer: error retrieving load balancer rules: Get
http://10.0.35.177:8080/client/api?apiKey=7agfDzjXNy3wnbI4M8o3Oz6gEv12w8rmPDW3jjkG0SZOpHjEtsovd4uNw7US6w3kUb62p6F_5Txi37kDRO4qNw&command=listLoadBalancerRules&keyword=a65d909ec2cd840979bb76f12b5962d2&listall=true&response=json&signature=6MeRwi7JABRTHaKS1Xzvv%2BxjUZA%3D:
dial tcp 10.0.35.177:8080: i/o timeout
I0828 11:44:03.677645 1 event.go:278]
Event(v1.ObjectReference{Kind:"Service", Namespace:"default",
Name:"nginx-deployment", UID:"65d909ec-2cd8-4097-9bb7-6f12b5962d2b",
APIVersion:"v1", ResourceVersion:"914", FieldPath:""}): type: 'Normal' reason:
'EnsuringLoadBalancer' Ensuring load balancer
E0828 11:44:05.876844 1 node_controller.go:237] error retrieving
instance ID: Get
http://10.0.35.177:8080/client/api?apiKey=7agfDzjXNy3wnbI4M8o3Oz6gEv12w8rmPDW3jjkG0SZOpHjEtsovd4uNw7US6w3kUb62p6F_5Txi37kDRO4qNw&command=listVirtualMachines&name=tyu-node-18a3bf0325b&response=json&signature=BX2eoDo8kumV62PyttwR3gWxJeE%3D:
dial tcp 10.0.35.177:8080: i/o timeout
E0828 11:44:33.678713 1 controller.go:244] error processing service
default/nginx-deployment (will retry): failed to ensure load balancer: error
retrieving load balancer rules: Get
http://10.0.35.177:8080/client/api?apiKey=7agfDzjXNy3wnbI4M8o3Oz6gEv12w8rmPDW3jjkG0SZOpHjEtsovd4uNw7US6w3kUb62p6F_5Txi37kDRO4qNw&command=listLoadBalancerRules&keyword=a65d909ec2cd840979bb76f12b5962d2&listall=true&response=json&signature=6MeRwi7JABRTHaKS1Xzvv%2BxjUZA%3D:
dial tcp 10.0.35.177:8080: i/o timeout
I0828 11:44:33.678860 1 event.go:278]
Event(v1.ObjectReference{Kind:"Service", Namespace:"default",
Name:"nginx-deployment", UID:"65d909ec-2cd8-4097-9bb7-6f12b5962d2b",
APIVersion:"v1", ResourceVersion:"914", FieldPath:""}): type: 'Warning' reason:
'SyncLoadBalancerFailed' Error syncing load balancer: failed to ensure load
balancer: error retrieving load balancer rules: Get
http://10.0.35.177:8080/client/api?apiKey=7agfDzjXNy3wnbI4M8o3Oz6gEv12w8rmPDW3jjkG0SZOpHjEtsovd4uNw7US6w3kUb62p6F_5Txi37kDRO4qNw&command=listLoadBalancerRules&keyword=a65d909ec2cd840979bb76f12b5962d2&listall=true&response=json&signature=6MeRwi7JABRTHaKS1Xzvv%2BxjUZA%3D:
dial tcp 10.0.35.177:8080: i/o timeout
```
Expected Results
The application should deploy without any issues and the end user should
acquire the public ip without any issue
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
