
How to force Kubernetes to listen to specific interface


On my PC I have multiple network interfaces:

  1. lo 127.0.0.1 - loopback interface
  2. enp2s0 192.168.1.244 - main interface
  3. lo:40 192.168.40.1 - a virtual loopback device
  4. others are irrelevant

I am running Apache on both the main interface and the first loopback on ports 80 and 443, and I need that Apache to be undisturbed.

So I created a virtual loopback device for Kubernetes to use with IP 192.168.40.1. But every time I try to attach it to Kubernetes, it grabs the main interface as well.

So far here is my ingress-controller config file (important parts):

kind: Service
apiVersion: v1
metadata:
  name: traefik
  namespace: kube-system
spec:
  loadBalancerIP: 192.168.40.1
  externalIPs:
    - 192.168.40.1
  ports:
    - name: web
      protocol: TCP
      port: 1380
      targetPort: web
      nodePort: 32211
    - name: websecure
      protocol: TCP
      port: 13443
      targetPort: websecure
      nodePort: 32506
  selector:
    app.kubernetes.io/instance: traefik
    app.kubernetes.io/name: traefik
  clusterIP: 10.43.181.90
  clusterIPs:
    - 10.43.181.90
  type: LoadBalancer
  sessionAffinity: None
  externalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  allocateLoadBalancerNodePorts: true
  internalTrafficPolicy: Cluster

I tried changing both the externalIp and loadBalancerIP settings, but that only made Kubernetes grab both 192.168.1.244 and 192.168.40.1.

For some reason, when I try to edit the file, it shows an extra read-only section in the dashboard editor:

status:
  loadBalancer:
    ingress:
      - ip: 192.168.1.244

I guess that is what's holding the interface.

How do I prevent Kubernetes from grabbing the main interface, and make it use only 192.168.40.1?


Solution

  • k3s by default binds to the first public system interface.
    To override this behavior you need to provide the --node-ip=<listen-ip> parameter to the server process.

    Since there is no configuration (neither internal nor external) that allows setting that parameter, the only way of setting it is by modifying the systemd service file.

    You have to modify the /etc/systemd/system/k3s.service file and in the last lines change

    ExecStart=/usr/local/bin/k3s \
        server \
    
    

    to

    ExecStart=/usr/local/bin/k3s \
        server --node-ip=192.168.40.1 \
    
    

    and restart Kubernetes by running

    sudo systemctl daemon-reload
    sudo systemctl restart k3s.service
    

    This way Kubernetes will listen only on 192.168.40.1, using the interface assigned to this IP.
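
A check that the change took effect, as an added example that is not part of the original answer: it reads the `--node-ip` value out of the unit file text and compares it with the addresses listed in the Service's `status.loadBalancer.ingress`. The function names and sample data are constructed here, and it assumes the Service status reports the node address, as the dashboard output in the question suggests.

```shell
#!/bin/sh
# Constructed unit-file excerpts, copied from the before/after shown above.
UNIT_BEFORE='ExecStart=/usr/local/bin/k3s \
    server \'
UNIT_AFTER='ExecStart=/usr/local/bin/k3s \
    server --node-ip=192.168.40.1 \'

# Print the --node-ip value found in unit text on stdin (empty if absent).
# Joins continuation lines first; accepts "--node-ip=IP" and "--node-ip IP".
unit_node_ip() {
    tr -s ' \t\\\n' ' ' | sed -n 's/.*--node-ip[= ]\([^ ]*\).*/\1/p'
}

# Print each address in $2.. that is not the expected address $1.
unexpected_ingress_ips() {
    expected=$1; shift
    for ip in "$@"; do
        [ "$ip" = "$expected" ] || printf '%s\n' "$ip"
    done
}

# $1 = unit text, $2 = space-separated IPs from the Service status, e.g.
#   kubectl -n kube-system get svc traefik \
#     -o jsonpath='{.status.loadBalancer.ingress[*].ip}'
# Returns 0 only when --node-ip is set and no other address is reported.
check_node_ip() {
    want=$(printf '%s\n' "$1" | unit_node_ip)
    [ -n "$want" ] || { echo "FAIL: --node-ip not set in unit"; return 1; }
    [ -n "$2" ] || { echo "FAIL: Service reports no ingress IP"; return 1; }
    extra=$(unexpected_ingress_ips "$want" $2)  # $2 split on purpose
    [ -z "$extra" ] || { echo "FAIL: Service also on:" $extra; return 1; }
    echo "OK: Service reports only $want"
}

# Demo on constructed data: after the fix, a stale status, and before the fix.
check_node_ip "$UNIT_AFTER" "192.168.40.1" || true
check_node_ip "$UNIT_AFTER" "192.168.1.244 192.168.40.1" || true
check_node_ip "$UNIT_BEFORE" "192.168.1.244" || true
```

On a live host, pass `"$(cat /etc/systemd/system/k3s.service)"` and the output of the `kubectl` command in the comment instead of the constructed values.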