Bug report
General Information
It seems to be impossible to specify the Cilium nodePort range in 1.7, as mentioned here:
https://docs.cilium.io/en/stable/gettingstarted/kubeproxy-free/
If kube-apiserver was configured to use a non-default NodePort port range, then the same range must be passed to Cilium via the global.nodePort.range option.
The correct syntax of this value isn't documented anywhere, and after trying several permutations it seems like the parser may not be correctly parsing this value. These options fail:
3300-35000
"[3300,35000]"
[3300,35000] -> yaml validator error
[3300-35000] -> yaml validator error
Versions
- Cilium version = v1.7.0
- Kernel version = 5.3.0-40-generic (Ubuntu 18.04 HWE kernel)
kubectl version =
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.3", GitCommit:"06ad960bfd03b39c8310aaf92d1e7c12ce618213", GitTreeState:"clean", BuildDate:"2020-02-11T18:14:22Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.3", GitCommit:"06ad960bfd03b39c8310aaf92d1e7c12ce618213", GitTreeState:"clean", BuildDate:"2020-02-11T18:07:13Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}
How to reproduce the issue
Attempt to install cilium with helm while specifying global.nodePort.range like:
helm repo add cilium https://helm.cilium.io/
helm install cilium cilium/cilium --version 1.7.0 \
--namespace kube-system \
--set global.kubeProxyReplacement=strict \
--set global.k8sServiceHost=172.30.200.8 \
--set global.k8sServicePort=6443
--set global.nodePort.range='3300-35000'
OR attempt to change the cilium config with something like:
kubectl edit configmaps -n kube-system cilium-config
data:
node-port-range: 3300-35000
Regardless of the way you add this parameter, this results in cilium failing to start with this error:
level=fatal msg="Unable to parse min/max port for NodePort range!" subsys=config
Thoughts
I don't know too much about Cilium's internals - but when I was digging around I noticed the that the go parser for this seems to indicate "strings" as the input type for this parameter, but the config map is mounted as a single string within the cilium pod.
Any help would be appreciated! I am running a tiny bare-metal cluster with kubeadm and (ab)using NodePorts directly for services, and I can't use cilium without this :(
Thanks!
Bug report
General Information
It seems to be impossible to specify the Cilium nodePort range in 1.7, as mentioned here:
https://docs.cilium.io/en/stable/gettingstarted/kubeproxy-free/
The correct syntax of this value isn't documented anywhere, and after trying several permutations it seems like the parser may not be correctly parsing this value. These options fail:
Versions
kubectl version=How to reproduce the issue
Attempt to install cilium with helm while specifying
global.nodePort.rangelike:OR attempt to change the cilium config with something like:
kubectl edit configmaps -n kube-system cilium-configRegardless of the way you add this parameter, this results in cilium failing to start with this error:
Thoughts
I don't know too much about Cilium's internals - but when I was digging around I noticed the that the go parser for this seems to indicate "strings" as the input type for this parameter, but the config map is mounted as a single string within the cilium pod.
Any help would be appreciated! I am running a tiny bare-metal cluster with kubeadm and (ab)using NodePorts directly for services, and I can't use cilium without this :(
Thanks!