Hi! I've got some issues under an Azure lab using Calico CNI.
For instance, in lab 3.1.20, accessing through the POD IP works from the node where the POD is deployed, but accessing through cluster-ip
There are some known issues around Azure's support for the Calico network plugin.
There is a solution posted in an earlier discussion, check it out:
Sorry, the message was truncated, here's the original post:
Hi! I've got some issues running the labs under Azure using Calico CNI.
For instance, in lab 3.1.20, accessing through endpoints works fine from the same node where the pod is deployed, but accessing through cluster-ip doesn't behave as expected: it works randomly and only from worker nodes, never from master nodes...
I've seen some issues about Azure & Calico CNI documented on the Internet and also here in the class forum, therefore I've set up another lab on Azure but running Weave Net CNI instead of Calico.
Now I can access a service through either endpoints or cluster-ip! The only concern now is that the endpoint addresses work from any worker or master node, and not only from the same node where the pod is deployed. I'm not sure if this is the same behavior in Calico...
Therefore, I'm considering running the whole course labs with Weave Net instead of Calico CNI. It looks like it also supports Network Policies, so I'm wondering if I'm OK with it or if I will find some blockers later...
Please, could you advise me?
Thanks in advance!
Azure has had a history of network issues, which is why we do not support or test using Azure for the labs. While some folks have been able to get some things to work, I would expect it will be an ongoing issue.
@chrispokorni, @serewicz, thanks for your quick replies.
Yes, I know, GCP looks much better to play with, but I have access to an Azure account. That's why I'm setting up the lab there...
In any case, I was able to set up a multi-node cluster in HA. If it helps someone, here is how I did it:
It uses Terraform to create the basic infrastructure, and Ansible to set up the cluster. To work with multiple masters in HA I'm using an external load balancer, Traefik, instead of the Azure load balancer service, as it had some issues:
Therefore, the Ansible playbooks could easily be used on other cloud providers or even on local VMs. I'll extend the project with a Vagrant helper in case I find any other blocker in Azure and Weave Net as CNI.
Thanks for sharing what you found!