LB-IPAM: Unable to set single addresses as a pool #24351
Description
Is there an existing issue for this?
- I have searched the existing issues
What happened?
I tried to create a pool with only single IPv4 (/32) and IPv6 (/128) addresses inside it.
I expected it to see that the pool has two IP addresses in total, but it doesn't seem to get that.
Instead it's having very hard time allocating IPs from it.
Cilium Version
cilium-cli: v0.12.1 compiled with go1.18.5 on linux/amd64
cilium image (default): v1.12.0
cilium image (stable): v1.13.0
cilium image (running): v1.13.0
Kernel Version
5.15.0-1025-raspi
Kubernetes Version
{
"clientVersion": {
"major": "1",
"minor": "26",
"gitVersion": "v1.26.1",
"gitCommit": "8f94681cd294aa8cfd3407b8191f6c70214973a4",
"gitTreeState": "archive",
"buildDate": "2023-02-06T14:43:47Z",
"goVersion": "go1.19.4",
"compiler": "gc",
"platform": "linux/amd64"
},
"kustomizeVersion": "v4.5.7",
"serverVersion": {
"major": "1",
"minor": "25",
"gitVersion": "v1.25.6+k3s1",
"gitCommit": "9176e03c5788e467420376d10a1da2b6de6ff31f",
"gitTreeState": "clean",
"buildDate": "2023-01-26T00:30:33Z",
"goVersion": "go1.19.5",
"compiler": "gc",
"platform": "linux/arm64"
}
}
Sysdump
Too large; It's here
Relevant log output
level=info msg="Notify ingress controller for service ingress" subsys=ingress-controller
level=error msg="Failed to process Ingress event, skipping: {oldIngress:0x4000171f00 newIngress:0x40015bc100}" subsys=ingress-controller
level=error msg="Unable to allocate IP" error="provided IP is not in the valid range. The range of valid IPs is 185.218.193.58/32" subsys=lbipam
level=error msg="Unable to allocate IP" error="provided IP is not in the valid range. The range of valid IPs is 2001:67c:1104:e03e::443/128" subsys=lbipam
level=info msg="Notify ingress controller for service ingress" subsys=ingress-controller
level=error msg="Unable to allocate IP" error="provided IP is not in the valid range. The range of valid IPs is 185.218.193.58/32" subsys=lbipam
level=error msg="Unable to allocate IP" error="provided IP is not in the valid range. The range of valid IPs is 2001:67c:1104:e03e::443/128" subsys=lbipamAnything else?
This is valid way for MetalLB, and I think it should work with Cilium too.
The pool manifest can be found here
The cilium ingress svc looks like this:
apiVersion: v1
kind: Service
metadata:
annotations:
io.cilium/lb-ipam-ips: 185.218.193.58,2001:67c:1104:e03e::443
meta.helm.sh/release-name: cilium
meta.helm.sh/release-namespace: kube-system
creationTimestamp: "2023-03-13T16:52:43Z"
labels:
app.kubernetes.io/managed-by: Helm
cilium.io/ingress: "true"
helm.toolkit.fluxcd.io/name: cilium
helm.toolkit.fluxcd.io/namespace: kube-system
name: cilium-ingress
namespace: kube-system
resourceVersion: "2315905"
uid: 2b9c0a9c-b58a-45dd-bd47-1e00f21533cc
spec:
allocateLoadBalancerNodePorts: true
clusterIP: 10.46.159.107
clusterIPs:
- 10.46.159.107
- 2001:67c:1104:e03e::c94b
externalTrafficPolicy: Cluster
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
- IPv6
ipFamilyPolicy: RequireDualStack
ports:
- name: http
nodePort: 31019
port: 80
protocol: TCP
targetPort: 80
- name: https
nodePort: 31816
port: 443
protocol: TCP
targetPort: 443
sessionAffinity: None
type: LoadBalancer
status:
conditions:
- lastTransitionTime: "2023-03-13T16:52:43Z"
message: ""
reason: satisfied
status: "True"
type: io.cilium/lb-ipam-request-satisfied
loadBalancer: {}
Code of Conduct
- I agree to follow this project's Code of Conduct