Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Service type: LoadBalancer IPs re-assigned when services are updated #3615

Open
jennweir opened this issue Oct 28, 2024 · 1 comment
Open

Comments

@jennweir
Copy link

jennweir commented Oct 28, 2024

Setup Details

CIS Version: 2.18.0
Build: 0.289.5
BIGIP Version: Big IP 17.1.1.3
AS3 Version: 3.46.2
Agent Mode: AS3/CCCL
Orchestration: K8S/OSCP
Orchestration Version: 1.28.9 / 4.15.12
Pool Mode: Cluster/Nodeport
Additional Setup details: <Platform/CNI Plugins/ cluster nodes/ etc>

Description

When a service of type: LoadBalancer is updated after a service with a lexicographically lower external IP is deleted, the external IP address assigned to the updated svc changes. The originally assigned external IP address is put back into the IP pool and can be assigned to another service. This is extremely problematic for services where the external IP is expected to stay the same with dependencies that rely on the IP address not changing.

Steps To Reproduce

  1. Create two services of type: LoadBalancer and check that they have been successfully assigned external IPs. Save these IPs somewhere where you can compare the service names and IPs after the following steps.

kubectl get svc -A | grep -i loadbalancer > lb.before

  1. Delete the service of type: LoadBalancer with the lexicographically lower IP.

  2. Edit the service with the lexicographically higher IP in some way. For example, add a fake label to the service and save the changes.

labels:
   app: test
labels:
   app: test
   testing: new-label
  1. Diff the output from step 1 with the output containing the services and IP addresses after the above edit in step 3 is made

kubectl get svc -A | grep -i loadbalancer > lb.after

diff lb.before lb.after

The above diff should show the IP address was changed.

Expected Result

The IP address assigned to a svc (after another svc is deleted) should not change. It should maintain the same IP even if the existence of other services change.

Actual Result

The external IP address assigned to a svc (after a svc with a lexicographically lower IP is deleted) changes.

Diagnostic Information

kubectl get svc -A | grep -i loadbalancer > lb.before

test-ns      service1     LoadBalancer       X.X.X.12          
test-ns      service2     LoadBalancer       X.X.X.20                                 
---
Delete service1
---
Edit service2
---
kubectl get svc -A | grep -i loadbalancer > lb.after

test-ns      service2     LoadBalancer       X.X.X.12

X.X.X.20  becomes available when it should have stayed assigned to service2. X.X.X.12 should have become available

Note: since this follows lexicographical ordering, this behavior is observed to be the same when X.X.X.20 is replaced with X.X.X.2

Observations (if any)

  1. It seems that when a service is updated (after a svc with lexicographically lower IP is deleted), it is being treated like a POST request instead of a PUT request. When the contents of the service object are updated, the external IP is re-assigned (like a create) instead of kept the same (like an update).
  2. The order that external IPs are assigned and values are retrieved follows lexicographical ordering, not numerical ordering.
    https://stackoverflow.com/questions/45950646/what-is-lexicographical-order
@jennweir jennweir added bug untriaged no JIRA created labels Oct 28, 2024
@trinaths
Copy link
Contributor

trinaths commented Nov 6, 2024

Created [CONTCNTR-4974] for internal tracking.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants