[SOLVED] node is assigning IP to pods that is outside of specified CIDRs
$ kubectl describe nodes lke17110-20819-607cabf9bf93
System Info:
Machine ID: a0c04b65ec6349daa7d0c11997713e5e
System UUID: a0c04b65ec6349daa7d0c11997713e5e
Boot ID: 053968c1-3610-4172-b62e-320976fe709c
Kernel Version: 5.10.0-5-cloud-amd64
OS Image: Debian GNU/Linux 9 (stretch)
Operating System: linux
Architecture: amd64
Container Runtime Version: docker://19.3.15
Kubelet Version: v1.20.5
Kube-Proxy Version: v1.20.5
PodCIDR: 10.2.5.0/24
PodCIDRs: 10.2.5.0/24
ProviderID: linode://26132501
Non-terminated Pods: (7 in total)
Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits Age
--------- ---- ------------ ---------- --------------- ------------- ---
default ngx-ingress-ingress-nginx-controller-6c9496447-f4dmd 100m (10%) 0 (0%) 90Mi (4%) 0 (0%) 121d
redacted-project-12-review-k8s-dev-pe-cl5zoc postgres-1 0 (0%) 0 (0%) 230Mi (12%) 230Mi (12%) 42m
kube-system calico-node-n7nck 250m (25%) 0 (0%) 0 (0%) 0 (0%) 27d
kube-system csi-linode-node-k7n9v 0 (0%) 0 (0%) 0 (0%) 0 (0%) 12d
kube-system kube-proxy-9n4s2 0 (0%) 0 (0%) 0 (0%) 0 (0%) 27d
kube-system metrics-server-d895c4b8b-bglm6 0 (0%) 0 (0%) 0 (0%) 0 (0%) 121d
i.e. Pod IP range should be within 10.2.5.0/24 for this node. BUT:
$ kubectl get pods -n redacted-project-12-review-k8s-dev-pe-cl5zoc postgres-1 -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
postgres-1 0/1 CrashLoopBackOff 13 45m 10.2.173.196 lke17110-20819-607cabf9bf93 <none> <none>
The actual IP got assigned to postgres-1 is incorrect ( should be 10.2.5.x not 10.2.173.x ). Is this a bug? Since I expect the IP should follow the defined CIDR so I've only allowed such IP to access. Now it is crashing for this specific reason.
1 Reply
Solved. This is an expected behavior