3

I'm trying to create a Service on cluster A that points to the IP address of cluster B. I do not have a domain name for cluster B, so can't use ExternalName. The way that I'm trying to do this is by creating a Service without a selector on cluster A and manually creating an EndpointSlice resource for that service which will point to cluster B. According to Kubernetes documentation, I need to "link an EndpointSlice to a Service by setting the kubernetes.io/service-name label on that EndpointSlice." But even after doing so, my service apparently has no endpoints.

Code

endpointslice.yaml

apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
  name: hack-svc-1
  labels:
    kubernetes.io/service-name: hack-svc
    kubernetes.io/managed-by: manual
addressType: IPv4
ports:
  - port: 80
endpoints:
  - addresses:
    - "cluster B's IPv4 address here"
    conditions:
      ready: true

service.yaml

apiVersion: v1
kind: Service
metadata:
  name: hack-svc
spec:
  ports:
    - port: 80

After kubectl describe service hack-svc:

Name:              hack-svc
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          <none>
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                <IPv4 address here>
IPs:               <IPv4 address here>
Port:              http  80/TCP
TargetPort:        80/TCP
Endpoints:         <none>        <-- No endpoints??
Session Affinity:  None
Events:            <none>

How can I associate the EndpointSlice with my Service?

Jason
  • I know this is an old question, but which platform were you running, and which version of kubernetes? Was it GKE Autopilot? – intotecho Jun 27 '23 at 08:37
  • @intotecho it is on digitalocean. Version is Kubernetes 1.24.13-do.0 – Jason Jul 02 '23 at 22:28
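
A lint for the fields that tie a hand-written EndpointSlice to a selectorless Service, given here as an added example that is not part of the original question or its answers. The function name `lint_link` is hypothetical, the manifests are embedded as constructed dicts, the Service port name `http` is taken from the `kubectl describe` output above rather than from the posted service.yaml, and 203.0.113.10 is a placeholder address.

```python
import ipaddress

def lint_link(service, eps):
    """Return findings on the fields that tie EndpointSlice `eps` to `service`."""
    findings = []
    smeta, emeta = service["metadata"], eps["metadata"]
    labels = emeta.get("labels", {})
    # The slice is tied to a Service only by this label, within one namespace.
    if labels.get("kubernetes.io/service-name") != smeta["name"]:
        findings.append("error: kubernetes.io/service-name != Service name")
    if emeta.get("namespace", "default") != smeta.get("namespace", "default"):
        findings.append("error: namespace mismatch")
    # kube-proxy pairs ports by (name, protocol); an unnamed port has name "".
    have = {(p.get("name", ""), p.get("protocol", "TCP")) for p in eps.get("ports", [])}
    for p in service["spec"]["ports"]:
        key = (p.get("name", ""), p.get("protocol", "TCP"))
        if key not in have:
            findings.append(f"error: no slice port named {key[0]!r} ({key[1]})")
    # Each address must parse as the declared addressType (FQDN is not checked).
    want = {"IPv4": 4, "IPv6": 6}.get(eps.get("addressType"))
    for ep in eps.get("endpoints", []):
        for addr in ep.get("addresses", []):
            try:
                ok = want is None or ipaddress.ip_address(addr).version == want
            except ValueError:
                ok = False
            if not ok:
                findings.append(f"error: {addr!r} is not {eps['addressType']}")
    # Documented ownership label for hand-written slices.
    if "endpointslice.kubernetes.io/managed-by" not in labels:
        findings.append("warning: endpointslice.kubernetes.io/managed-by not set")
    return findings

# Constructed from the question's manifests (assumptions: port name "http" as shown
# by `kubectl describe`; 203.0.113.10 stands in for cluster B's address).
SERVICE = {"metadata": {"name": "hack-svc"},
           "spec": {"ports": [{"name": "http", "port": 80}]}}
SLICE = {"metadata": {"name": "hack-svc-1", "labels": {
             "kubernetes.io/service-name": "hack-svc",
             "kubernetes.io/managed-by": "manual"}},
         "addressType": "IPv4",
         "ports": [{"port": 80}],
         "endpoints": [{"addresses": ["203.0.113.10"], "conditions": {"ready": True}}]}

if __name__ == "__main__":
    for finding in lint_link(SERVICE, SLICE):
        print(finding)
```

`kubectl get endpointslices -l kubernetes.io/service-name=hack-svc` lists the slices the label selects. In kubectl releases of the version discussed here, the `Endpoints:` line of `kubectl describe service` is read from the legacy Endpoints object, so it can show `<none>` even when a slice is linked.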

2 Answers

0

secavfr posted a reportedly working example on SO.
When I tried this, I also found no endpoints were created. The example is for Kubernetes 1.26 and NGINX 1.7 but I am on Kubernetes 1.25 and NGINX Ingress controller v1.8.0 nginx version: nginx/1.21.6 on a GKE Autopilot cluster.

I suspect some subtle changes to the syntax between the versions but I haven't found the solution yet. Perhaps it is also necessary to create the EndPoints?

kubectl -n namespace describe endpointslice hack-svc-1

Does return the endpoints, but they are not associated with the service?

Changing the IP address and reapplying does cause the service to be reconfigured, but the IP address is reported in any of the interfaces.

endpointslice.discovery.k8s.io/my-service-1 configured

I also tried using EndPoint instead of EndPointSlice, but it gave a very similar outcome.

Then I tried ExternalIP service type. I tried to enable them with

gcloud beta container clusters update my-cluster --enable-service-externalips 

The error result was

GKE Warden rejected the request because it violates one or more constraints.
Violations details: {"[denied by autopilot-external-ip-limitation]":["service external IPs are forbidden in Autopilot due to CVE-2020-8554: [10.101.0.17]"]}

GKE Autopilot disables ExternalIPs in response to CVE-2020-8554, but I don't know if this is applicable to this issue.

intotecho
  • I couldn't get it to work so went back to the old Endpoints, which worked like a charm. Perhaps digitalocean also blocks external IPs. – Jason Jul 02 '23 at 22:30
  • CVE-2020-8554 is preventing ExternalName, ExternalIP, and Endpoints with ExternalIP with an explicit error. But for EndpointSlice, it is just failing as described in the OP. For my case, gave up with Ingress and created an external load balancer to peel off the traffic before it gets into the cluster since it wasn't originating inside the cluster. – intotecho Jul 04 '23 at 01:15
-1

The EndpointSlice API is a scalable and extensible alternative to the Endpoints API. EndpointSlices gather information such as IP addresses, ports, readiness, and topology from the pods of a service. Follow this tutorial and verify whether there are any mismatches while configuring EndpointSlices for your clusters; it helped in my case.

  • 1
    Thank you for the link, but the tutorial creates a service with a selector, which means K8s automatically creates the EndpointSlices. I want to create a service without a selector and manually create the EndpointSlices. – Jason Jan 26 '23 at 06:57