kube-proxy should log the payload when iptables-restore fails #104234
Comments
|
@cchxn258886: This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@Network |
|
you can increase kube-proxy verbosity adding Kubernetes 1.17 is EOL, so you should upgrade to 1.19 at least https://kubernetes.io/releases/ |
|
/sig network |
hello bro。my cluster is use kubeadm init .so what should i do .i know this is use configmap 。but in this i can not found how edit this configmap is available?about upgrade this cluster .this time is impossible。 |
about stack. i only get this log. 11:25:38.390292 1 proxier.go:779] Sync failed; retrying in 30s
E0805 11:36:18.240849 1 proxier.go:1507] Failed to execute iptables-restore: exit status 1 (iptables-restore: line 46 failed
)
I0805 11:36:18.240985 1 proxier.go:779] Sync failed; retrying in 30s
W0805 11:45:14.938674 1 server_others.go:323] Unknown proxy mode "", assuming iptables proxy
I0805 11:45:14.951384 1 node.go:135] Successfully retrieved node IP: 10.60.44.71
I0805 11:45:14.951437 1 server_others.go:145] Using iptables Proxier.
I0805 11:45:14.951948 1 server.go:571] Version: v1.17.2
I0805 11:45:14.952618 1 conntrack.go:52] Setting nf_conntrack_max to 655360
I0805 11:45:14.953070 1 config.go:131] Starting endpoints config controller
I0805 11:45:14.953105 1 config.go:313] Starting service config controller
I0805 11:45:14.953143 1 shared_informer.go:197] Waiting for caches to sync for endpoints config
I0805 11:45:14.953144 1 shared_informer.go:197] Waiting for caches to sync for service config
I0805 11:45:15.053346 1 shared_informer.go:204] Caches are synced for endpoints config
I0805 11:45:15.053355 1 shared_informer.go:204] Caches are synced for service config
E0805 11:46:53.104982 1 proxier.go:1507] Failed to execute iptables-restore: exit status 1 (iptables-restore: line 47 failed
) |
|
To increase the verbosity on kube-proxy on a kubeadm deployment you can do and wait until pods are restarted. Despite that, if there is a bug, it will not be backported to 1.17, so you have to go to a supported version first |
|
I swear we added code to dump the ruleset when this happens, but I don't see it any more. |
|
I'm going to re-purpose this as a feature :) |
thockin
changed the title
thockin
added
good first issue
help wanted
triage/accepted
and removed
needs-triage
labels
|
Hi, I would like to pick this up. Can someone give me some code pointers on where to start? |
|
Let me know if I can help in anyway. @thockin |
|
/assign |
|
I'd start with pkg/util/iptables/iptables.go - It's worth thinking about the cleanest solution here, but maybe something like: When you get an error from exec, parse the error for You'll proably want a helper func to do that, which could live in that same iptables package. And a test. |
my k8s cluster version is 1.17.x 。this cluster has 10 nodes.one master 。
only 2 nodes get problem.
it make my svc sometime can use。sometime can timeout。
what can i do can resolve this problem ?
this 2 node's svc is nodeportType 。
The text was updated successfully, but these errors were encountered: