Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Connection Timeout to extraPortMappings NodePort after kindest/node:v1.30.2 #3873

Open
iAnomaly opened this issue Feb 21, 2025 · 1 comment
Open

Connection Timeout to extraPortMappings NodePort after kindest/node:v1.30.2 #3873

iAnomaly opened this issue Feb 21, 2025 · 1 comment
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@iAnomaly
Copy link

iAnomaly commented Feb 21, 2025
edited
Loading

What happened:

This is a strange one and I have tested many iterations of different kind CLI and image versions to isolate the breaking change. When creating a kind cluster with any kindest/node image later than v1.30.2 [sha256:ecfe5841b9bee4fe9690f49c118c33629fa345e3350a0c67a5a34482a99d6bba] I get connection timeouts to any hostPort specified in nodes[].extraPortMappings. See cluster.yaml below.

What you expected to happen:
Traffic should connect and route as previously.

How to reproduce it (as minimally and precisely as possible):
Unless my issue is environment related, try setting up a Service of type:NodePort which ports[].nodePort matching extraPortMappings[].containerPort. Note that on kindest/node:v1.30.2 this works while kindest/node:v1.30.3 or above does not (including minor bumps such as v1.31).

Anything else we need to know?:
Cluster YAML

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
    - containerPort: 30080
      hostPort: 80
    - containerPort: 30443
      hostPort: 443
  image: kindest/node:v1.30.2@sha256:ecfe5841b9bee4fe9690f49c118c33629fa345e3350a0c67a5a34482a99d6bba
  ## Not working
  ## image: kindest/node:v1.30.3@sha256:bf91e1ef2f7d92bb7734b2b896b3dddea98f0496b34d96e37dd5d7df331b7e56
  ## image: kindest/node:v1.30.4@sha256:976ea815844d5fa93be213437e3ff5754cd599b040946b5cca43ca45c2047114
  ## image: kindest/node:v1.30.6@sha256:b6d08db72079ba5ae1f4a88a09025c0a904af3b52387643c285442afb05ab994
  ## image: kindest/node:v1.30.10@sha256:4de75d0e82481ea846c0ed1de86328d821c1e6a6a91ac37bf804e5313670e507
  ## image: kindest/node:v1.32.2@sha256:f226345927d7e348497136874b6d207e0b32cc52154ad8323129352923a3142f

Service YAML

apiVersion: v1
kind: Service
metadata:
  name: istio-ingressgateway
  namespace: flux-system
spec:
  ports:
  - name: status-port
    nodePort: 31212
    port: 15021
    protocol: TCP
    targetPort: 15021
  - name: http2
    nodePort: 30080
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    nodePort: 30443
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  type: NodePort

Environment:

  • kind version: (use kind version): kind v0.27.0 go1.23.6 darwin/arm64 (tested with v0.26.0 and v0.25.0 as well)
  • Runtime info: (use docker info, podman info or nerdctl info):
Client:
 Version:    27.5.1
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  ai: Ask Gordon - Docker Agent (Docker Inc.)
    Version:  v0.7.3
    Path:     ~/.docker/cli-plugins/docker-ai
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.20.1-desktop.2
    Path:     ~/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.32.4-desktop.1
    Path:     ~/.docker/cli-plugins/docker-compose
  debug: Get a shell into any image or container (Docker Inc.)
    Version:  0.0.38
    Path:    ~/.docker/cli-plugins/docker-debug
  desktop: Docker Desktop commands (Beta) (Docker Inc.)
    Version:  v0.1.4
    Path:     ~/.docker/cli-plugins/docker-desktop
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.2
    Path:     ~/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.27
    Path:     ~/.docker/cli-plugins/docker-extension
  feedback: Provide feedback, right in your terminal! (Docker Inc.)
    Version:  v1.0.5
    Path:    ~/.docker/cli-plugins/docker-feedback
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.4.0
    Path:     ~/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     ~/.docker/cli-plugins/docker-sbom
  scout: Docker Scout (Docker Inc.)
    Version:  v1.16.1
    Path:     ~/.docker/cli-plugins/docker-scout

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 67
 Server Version: 27.5.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: bcc810d6b9066471b0b6fa75f557a15a1cbf31bb
 runc version: v1.1.12-0-g51d5e946
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 6.12.5-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 14
 Total Memory: 15.6GiB
 Name: docker-desktop
 ID: ec7c96ba-5422-4a24-bdf7-82e65f60b9e6
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Labels:
  com.docker.desktop.address=unix:///~/Library/Containers/com.docker.docker/Data/docker-cli.sock
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false
  • OS (e.g. from /etc/os-release): macOS Sequoia 15.3.1 (24D70)
  • Kubernetes version: (use kubectl version): Client Version: v1.32.2
  • Any proxies or other special environment settings?: I have tested this with NodePorts pointing to both ingress-nginx and Istio Gateway to rule out the backend/target layer)
@iAnomaly iAnomaly added the kind/bug Categorizes issue or PR as related to a bug. label Feb 21, 2025
@BenTheElder
Copy link
Member

A note about images:
https://kind.sigs.k8s.io/docs/user/quick-start/#creating-a-cluster:~:text=Prebuilt%20images%20are%20hosted%20atkindest/node%2C%20but%20to%20find%20images%20suitable%20for%20a%20given%20release%20currently%20you%20should%20check%20the%20release%20notes%20for%20your%20given%20kind%20version%20(check%20with%20kind%20version)%20where%20you%E2%80%99ll%20find%20a%20complete%20listing%20of%20images%20created%20for%20a%20kind%20release.

https://github.com/kubernetes-sigs/kind/releases/tag/v0.27.0#new-features
(see the NOTE)

That said, I'm not aware of any change to port-forward, maybe the default nodeport range changes in Kubernetes??

cc @aojea

I think it would be worth testing with a really trivial nodePort service to ensure it's not related to the application deployed to the cluster.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@BenTheElder @iAnomaly