Watch API breaks on IPv6 #599
Comments
|
KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT are both defined by that service that you mentioned (see the docs here: https://kubernetes.io/docs/concepts/services-networking/service/#environment-variables) that's not deprecated. It's unfortunate that there is a bug in request. There's a broader issue of "how do we move forward with a different HTTP library" that we need to resolve. |
|
You are right, I missed that chapter. Then it means a requirement for #414 : Accessing K8S API thorugh IPv6 address. |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
k8s-ci-robot
added
lifecycle/rotten
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
|
@k8s-triage-robot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
In our cluster kubernetes configured to use IPv6, and our service uses the K8S API internally from the cluster.
However starting a watch operation throws an error:
Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: 2001. is not in the cert's altnames: DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, IP Address:2001:1B70:82B9:18:0:0:2:1, IP Address:FD08:0:0:0:0:0:0:6, IP Address:2001:1B70:82B9:18:0:0:3:B, IP Address:2001:1B70:82B9:18:0:0:3:1, IP Address:FD08:0:0:0:0:0:0:7
After digging into the issue it turned out that the Request library which handles ipv6 hostnames wrongly:
request/request#3274
As Request is deprecated this issue likely won't be fixed.
Also I found that in the official latest K8S doc the proposed way to access the API to use DNS names:
https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#directly-accessing-the-rest-api
The KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT is hardly mentioned, so I guess it is some deprecated way to do it.
As workaround adding a KUBERNETES_SERVICE_HOST=kubernetes.default.svc env parameter in the deployment config helped for us, but it may be a permanent solution: change the config.loadFromCluster() method and use well-known DNS name instead env variables, by default.
The text was updated successfully, but these errors were encountered: