Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubeadm tutorial + romana doesn't work #143

Open
vide opened this issue Nov 10, 2016 · 4 comments
Open

kubeadm tutorial + romana doesn't work #143

vide opened this issue Nov 10, 2016 · 4 comments

Comments

@vide
Copy link

vide commented Nov 10, 2016

Hello

I was following http://kubernetes.io/docs/getting-started-guides/kubeadm/ to try a kubernetes installation and I've installed romana networking with kubectl apply -f https://raw.githubusercontent.com/romana/romana/master/containerize/specs/romana-kubeadm.yml

Afterwards, I deploy the sample application (sock-shop) and I try to connect to the front-end port on the master's public LAN IP but it doesn't work, it seems that packets are dropped somewhere in the stack, even if I can see that an iptables NAT rule is present for the kube-proxy exposed port:

[root@k8s-test01 ~]# iptables -t nat -L|grep "sock-shop/front-end"
KUBE-MARK-MASQ  tcp  --  anywhere             anywhere             /* sock-shop/front-end: */ tcp dpt:31415
KUBE-SVC-LFMD53S3EZEAOUSJ  tcp  --  anywhere             anywhere             /* sock-shop/front-end: */ tcp dpt:31415
KUBE-MARK-MASQ  all  --  100.115.114.12       anywhere             /* sock-shop/front-end: */
DNAT       tcp  --  anywhere             anywhere             /* sock-shop/front-end: */ tcp to:100.115.114.12:8079
KUBE-SVC-LFMD53S3EZEAOUSJ  tcp  --  anywhere             10.97.155.32         /* sock-shop/front-end: cluster IP */ tcp dpt:http
KUBE-SEP-QXDXZJAQV2LSLCKA  all  --  anywhere             anywhere             /* sock-shop/front-end: */

The host OS is CentOS 7.2
@cgilmour
Copy link
Collaborator

Hi @vide, thanks for opening up an issue.

We've identified the cause, and it's a small bug in our policy agent.
A fix has been made and tested today, and will be bundled in an upcoming release.

Once it is installed, then you should be able to access the sock-shop application via the front-end NodePort. If you're enabling isolation on the sock-shop namespace, then additional policies will need to be applied to permit communication between pods and also to make the front-end port reachable from nodes.

Thanks!

@cgilmour cgilmour mentioned this issue Nov 15, 2016
Merged
@cgilmour
Copy link
Collaborator

Hi @vide, I've pushed up a new release that covers the bug fixes mentioned previously.
Installation instructions remain the same, and I've tested installing the demo application.
It worked as expected in the new release.

@vide
Copy link
Author

vide commented Nov 16, 2016

Thanks! I will try again and let you know ASAP

@intlabs intlabs mentioned this issue Nov 21, 2016
Merged
@bweston92
Copy link

I don't know if this is the same problem I'm having, but if so it isn't fixed. kubernetes/kubernetes#37552

cgilmour pushed a commit that referenced this issue Oct 19, 2017
@jbrendel
Updates to Romana README (#143)
de7e500 
* Added third diagram.

* Fixed small issue in figures.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vide @cgilmour @bweston92