
Conversation

@leonnicolas
Collaborator

When forcing the internal IP to "" or "-" with the force-internal-ip annotation, private IPs won't be used.

Nodes that have the annotation will be put in their own location: e.g.: "node:node-name". Then they will try to use WireGuard to connect to other nodes' endpoints in the cluster over their public interface. This only works if the kubelet of the respective nodes can still connect to the API server over a public endpoint. If the kubelet uses a private IP to connect to the API server, Kilo will create routes so that the kubelet's requests to the API server will go over the WireGuard interface. This leads to the node being not ready if the API server's node has not set up the WireGuard config correctly. Anyways, trying to encrypt API server communication over Kilo's WireGuard sounds like a chicken-and-egg problem.

@SerialVelocity I don't have any device with a private and public interface. Could you test this?
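An added pre-check for the caveat described above (example code, not part of this PR or of Kilo itself): before forcing the internal IP to "-" on a node, confirm that the kubelet's API server endpoint is not a private address, since otherwise the kubelet's API traffic would be routed over the WireGuard interface and the node can end up NotReady. The annotation key `kilo.squat.ai/force-internal-ip` and the use of the kubeconfig `server` URL as the kubelet's endpoint are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Kilo's own code. Assumes the annotation key
# kilo.squat.ai/force-internal-ip and that the kubelet reaches the API
# server at the "server" URL of its kubeconfig (IPv4 or hostname only).
set -euo pipefail

# Return 0 if the dotted IPv4 address is in an RFC 1918 or link-local range.
# Hostnames and anything non-numeric fall through and are treated as public.
is_private_ipv4() {
  local ip=$1 a b rest
  a=${ip%%.*}
  rest=${ip#*.}
  b=${rest%%.*}
  case "$a" in
    10) return 0 ;;
    172) [ "$b" -ge 16 ] && [ "$b" -le 31 ] && return 0 ;;
    192) [ "$b" -eq 168 ] && return 0 ;;
    169) [ "$b" -eq 254 ] && return 0 ;;
  esac
  return 1
}

# Extract the host from a kubeconfig server URL such as https://10.0.0.5:6443.
apiserver_host() {
  local url=${1#*://}   # drop the scheme
  url=${url%%/*}        # drop any path
  printf '%s\n' "${url%:*}"   # drop the port
}

# Print "unsafe" when the kubelet's API server endpoint is a private IP:
# forcing "-" would push that traffic over WireGuard (the hen-and-egg case
# described in the PR). Otherwise print "safe".
force_internal_ip_check() {
  local host
  host=$(apiserver_host "$1")
  if is_private_ipv4 "$host"; then echo unsafe; else echo safe; fi
}

# Assumed usage against a live cluster (NODE is the node to annotate):
#   server=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
#   [ "$(force_internal_ip_check "$server")" = safe ] \
#     && kubectl annotate node "$NODE" kilo.squat.ai/force-internal-ip=-
```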

@SerialVelocity
Contributor

Sorry, might be a while before I can test it. Might be next weekend

@squat
Owner

squat left a comment


Looks very non-invasive to me :)

When forcing the internal IP to "" or "-", private IPs won't be used.
@squat
Owner

squat commented Mar 24, 2021

tested this on our clusters and it is working 🎉

@leonnicolas leonnicolas marked this pull request as ready for review March 24, 2021 19:44
@squat squat merged commit dc34682 into main Mar 24, 2021
@squat squat deleted the disable_private_ip branch March 24, 2021 20:09
@leonnicolas leonnicolas mentioned this pull request Apr 1, 2021