skip to Main Content

In k8s, I want my server to listen on podIP rather than 127.0.0.1 or 0.0.0.0. But the podIP is dynamically allocated, so I want to do something like:

ip := getIPFromNic("eth0")
net.Listen(ip)

But I don’t know how to ensure the nic in pod is called eth0 rather than en0 or others. Should I do something in Dockerfile or should I do something in deployment.yaml?

I tried to search on google, but didn’t find any related resources about the nic in docker. Most of the blogs are talking about the veth and docker bridge

3

Answers


  1. Chosen as BEST ANSWER

    After digging into this problem, I found that the network interface name is controlled by the kubelet, it's a cluster wide configuration that can't be changed by the users. By default, the nic name is eth0, and if you're not sure, you can check any pod in the cluster to confirm that.

    In practice, it's recommended to use downward api to pass the PodIP as an env var to the pod, thus you can get the PodIP easily. But my case is a little special, the application's config file(mounted as a configmap) need a listen addr, which must be either an ip address or a nic name. That's why I need a fixed value.


    1. Your pods ip address is present in:
      /proc/1/task/1/net/fib_trie
      file

    mine is like:

     cat /proc/1/task/1/net/fib_trie
    Main:
      +-- 0.0.0.0/1 2 0 2
         +-- 0.0.0.0/4 2 0 2
            |-- 0.0.0.0
               /0 universe UNICAST
            +-- 10.0.0.0/24 2 0 2
               |-- 10.0.0.45
                  /32 host LOCAL
               |-- 10.0.0.184
                  /32 link UNICAST
         +-- 127.0.0.0/8 2 0 2
            +-- 127.0.0.0/31 1 0 0
               |-- 127.0.0.0
                  /32 link BROADCAST
                  /8 host LOCAL
               |-- 127.0.0.1
                  /32 host LOCAL
            |-- 127.255.255.255
               /32 link BROADCAST
    

    and 10.0.0.45 is my pod ip address


    1. also if you have enough privileges, you can use kubernetes rest api to access pod information:

    curl -s -H "Authorization: Bearer $YOUR_TOKEN" https://$KUBERNETES_SERVICE_HOST/api/v1/namespaces/$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)/pods/$(hostname)/ | grep "podIP" | awk '{print $2}' | tr -d '",'

    unfortunately default privileges of cat /var/run/secrets/kubernetes.io/serviceaccount/token is not enough for this request.

    Login or Signup to reply.
  2. You can get the pod ip from Kubernetes rather than trying to look it up from the interface (or files in /proc).

    You can expose information about a Pod as environment variables; the documentation includes this example; look in particular at how MY_POD_IP is set:

    apiVersion: v1
    kind: Pod
    metadata:
      name: dapi-envars-fieldref
    spec:
      containers:
        - name: test-container
          image: registry.k8s.io/busybox
          command: [ "sh", "-c"]
          args:
          - while true; do
              echo -en 'n';
              printenv MY_NODE_NAME MY_POD_NAME MY_POD_NAMESPACE;
              printenv MY_POD_IP MY_POD_SERVICE_ACCOUNT;
              sleep 10;
            done;
          env:
            - name: MY_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: MY_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: MY_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: MY_POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: MY_POD_SERVICE_ACCOUNT
              valueFrom:
                fieldRef:
                  fieldPath: spec.serviceAccountName
      restartPolicy: Never
    

    You can an example of this in use in the node_exporter manifests from the kube-prometheus project.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search