Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Container is unable to resolve IPv6 localhost address #84598

Closed
ramgdev opened this issue Oct 31, 2019 · 13 comments
Closed

Container is unable to resolve IPv6 localhost address #84598

ramgdev opened this issue Oct 31, 2019 · 13 comments
Assignees
@caseydavenport
Labels
kind/support Categorizes issue or PR as a support question. sig/network Categorizes an issue or PR as relevant to SIG Network.

Comments

@ramgdev
Copy link

ramgdev commented Oct 31, 2019

What happened:
We uncovered an issue in our application that runs inside a Docker container and makes url requests to services that are exposed on localhost ports. When trying to connect to the urls using IPv6 address for localhost [::1], all the requests are failing with connection refused error. But the same requests were successful when using the IPv4 address 127.0.0.1.

What you expected to happen:
We expect the both IPv6 and IPv4 formats of localhost to work seamlessly.

How to reproduce it (as minimally and precisely as possible):
I have a sample nodejs app dns-sample.zip attached below that reproduces the same issue. This app listens on IPv6 address ::. When a request comes in, it gets the response by making a localhost request using IPv6 address format. As you can see, the request is failing in this case.

  • Extract the zip file and cd dns-sample
  • Build the docker image docker build -t ramji/node-web-app .
  • Deploy the pod kubectl create -f pod.yaml
  • Get the pod IP from kubectl get pods -o wide
  • Make a request curl http://<pod ip>:8080

Anything else we need to know?:
We noticed that the problem does not occur when we downgraded Docker version to 17.03. It was a blind attempt after noticing this bug report: containernetworking/cni#531

Environment:

  • Kubernetes version (use kubectl version):
    Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.3", GitCommit:"5e53fd6bc17c0dec8434817e69b04a25d8ae0ff0", GitTreeState:"clean", BuildDate:"2019-06-06T01:44:30Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
    Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.4", GitCommit:"a87e9a978f65a8303aa9467537aa59c18122cbf9", GitTreeState:"clean", BuildDate:"2019-07-08T08:43:10Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}

  • Cloud provider or hardware configuration:

  • OS (e.g: cat /etc/os-release):
    NAME="Ubuntu"
    VERSION="18.04.2 LTS (Bionic Beaver)"
    ID=ubuntu
    ID_LIKE=debian
    PRETTY_NAME="Ubuntu 18.04.2 LTS"
    VERSION_ID="18.04"
    HOME_URL="https://www.ubuntu.com/"
    SUPPORT_URL="https://help.ubuntu.com/"
    BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
    PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
    VERSION_CODENAME=bionic
    UBUNTU_CODENAME=bionic

  • Kernel (e.g. uname -a):
    Linux ab2-k8s 4.15.0-54-generic Change flag.Duration descriptions to be unit-free. #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

  • Install tools:
    docker version:
    Client:
    Version: 18.06.3-ce
    API version: 1.38
    Go version: go1.10.3
    Git commit: d7080c1
    Built: Wed Feb 20 02:28:10 2019
    OS/Arch: linux/amd64
    Experimental: false

Server:
Engine:
Version: 18.06.3-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: d7080c1
Built: Wed Feb 20 02:26:34 2019
OS/Arch: linux/amd64
Experimental: false

  • Network plugin and version (if this is a network-related bug):
    calico 3.10

  • Others:
    dns-sample.zip
@ramgdev ramgdev added the kind/bug Categorizes issue or PR as related to a bug. label Oct 31, 2019
@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Oct 31, 2019
@ramgdev
Copy link
Author

ramgdev commented Oct 31, 2019
edited
Loading

@kubernetes/sig-network

@athenabot
Copy link

/sig network

These SIGs are my best guesses for this issue. Please comment /remove-sig <name> if I am incorrect about one.

🤖 I am a bot run by vllry. 👩‍🔬

@k8s-ci-robot k8s-ci-robot added sig/network Categorizes an issue or PR as relevant to SIG Network. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Oct 31, 2019
@athenabot
Copy link

/triage unresolved

Comment /remove-triage unresolved when the issue is assessed and confirmed.

🤖 I am a bot run by vllry. 👩‍🔬

@k8s-ci-robot k8s-ci-robot added the triage/unresolved Indicates an issue that can not or will not be resolved. label Oct 31, 2019
@vllry
Copy link
Contributor

vllry commented Oct 31, 2019

/assign @caseydavenport

@athenabot
Copy link

@caseydavenport
If this issue has been triaged, please comment /remove-triage unresolved.

If you aren't able to handle this issue, consider unassigning yourself and/or adding the help-wanted label.

🤖 I am a bot run by vllry. 👩‍🔬

1 similar comment
@athenabot
Copy link

@caseydavenport
If this issue has been triaged, please comment /remove-triage unresolved.

If you aren't able to handle this issue, consider unassigning yourself and/or adding the help-wanted label.

🤖 I am a bot run by vllry. 👩‍🔬

@caseydavenport
Copy link
Member

@ramgdev looks like the linked issue suggests different versions of Docker set IPv6 sysctls differently.

On the broken system, could you check the following?

net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0

It sounds to me like this is probably an issue with Docker, rather than Kubernetes.

You might also want to try using the latest Calico v3.10.2 patch release, which also includes an IPv6 fix: https://docs.projectcalico.org/v3.10/release-notes/

@athenabot
Copy link

@caseydavenport
If this issue has been triaged, please comment /remove-triage unresolved.

If you aren't able to handle this issue, consider unassigning yourself and/or adding the help-wanted label.

🤖 I am a bot run by vllry. 👩‍🔬

@caseydavenport
Copy link
Member

/triage support
/remove-triage unresolved

@k8s-ci-robot k8s-ci-robot added kind/support Categorizes issue or PR as a support question. and removed triage/unresolved Indicates an issue that can not or will not be resolved. labels Jan 9, 2020
@caseydavenport
Copy link
Member

/remove-kind bug

@k8s-ci-robot k8s-ci-robot removed the kind/bug Categorizes issue or PR as related to a bug. label Jan 9, 2020
@caseydavenport
Copy link
Member

/close

@k8s-ci-robot
Copy link
Contributor

@caseydavenport: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@abdennour
Copy link

isn't it related to service.spec.ipFamilies ?!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@caseydavenport caseydavenport

Labels
kind/support Categorizes issue or PR as a support question. sig/network Categorizes an issue or PR as relevant to SIG Network.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@abdennour @caseydavenport @ramgdev @vllry @k8s-ci-robot @athenabot