TiDB Operator - Cannot connect to TiDB Service for TiDB Cluster External IP #3941

Closed
ttadeo opened this issue Apr 23, 2021 · 6 comments
Labels
lifecycle/stale status/needs-info Further information is required

Comments

@ttadeo

ttadeo commented Apr 23, 2021

Bug Report

What version of Kubernetes are you using?

AWS EKS 1.18

What version of TiDB Operator are you using?

TiDB Operator Version: version.Info{GitVersion:"v1.1.12", GitCommit:"267b0d44f8c66f41a3a02685d7100c55d4697715", GitTreeState:"clean", BuildDate:"2021-04-15T12:21:20Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"linux/amd64"}

PROBLEM:

Trying to connect to EXTERNAL-IP for TiDB-Cluster Service and connection times out. Using 127.0.0.1 with port 4000 forwarded works fine. I can connect to the Grafana Service using its EXTERNAL IP just fine. Both services are of type LoadBalancer, however EXTERNAL TRAFFIC POLICY for TiDB-Cluster Service specifies "Local" and Grafana Service specifies "Cluster".

Question:

I understand the need for security (access to TiDB Cluster SVC only accessible within Cluster), but for remote access outside the cluster having "Local" set prevents remote access using EXTERNAL IP. Is this spec correct? If so, why?

@DanielZhangQD
Contributor

@ttadeo Local does not block access to the TiDB service. Could you please check the LB on your AWS console and see if it has available targets? You may also check with AWS support about the NLB issues.

@ttadeo
Author

ttadeo commented May 4, 2021

@DanielZhangQD Thank you, I will spin up the cluster again and check AWS NLB. I will update when I am done with my results.

@dveeden
Contributor

dveeden commented May 4, 2021

@ttadeo maybe have a look at pingcap/docs#5555 and leave a comment if anything special needs to be added there.

@dveeden
Contributor

dveeden commented May 13, 2021

#879 seems related

@dveeden
Contributor

dveeden commented May 13, 2021

The problem might be the "Scheme". This is visible in the web UI for the ELB. This seems to be "internal" while it should be "internet-facing".

I think this is caused by this line:

service.beta.kubernetes.io/aws-load-balancer-internal: '0.0.0.0/0'

https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/annotations/ suggests that this setting is a boolean. So the IP range here doesn't seem to be a correct value.
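
An added example, not part of the thread or of TiDB Operator: a Python check over `kubectl get svc -A -o json` output that flags the non-boolean `aws-load-balancer-internal` value discussed in the comment above and reports Services declared `internet-facing` without `spec.loadBalancerSourceRanges`. The Service names and sample manifest are constructed, and the source-range check is an addition beyond what the thread covers.

```python
import json

PREFIX = "service.beta.kubernetes.io/"
INTERNAL = PREFIX + "aws-load-balancer-internal"
SCHEME = PREFIX + "aws-load-balancer-scheme"

# Constructed sample shaped like `kubectl get svc -A -o json`; names are hypothetical.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "tidb", "name": "basic-tidb",
                  "annotations": {INTERNAL: "0.0.0.0/0"}},
     "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Local"}},
    {"metadata": {"namespace": "tidb", "name": "basic-grafana",
                  "annotations": {SCHEME: "internet-facing"}},
     "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Cluster"}},
    {"metadata": {"namespace": "tidb", "name": "basic-pd"},
     "spec": {"type": "ClusterIP"}},
]})


def audit_services(doc):
    """Return (namespace/name, finding) pairs for LoadBalancer Services."""
    findings = []
    for svc in json.loads(doc).get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue  # only LoadBalancer Services get a cloud load balancer
        meta = svc.get("metadata", {})
        ann = meta.get("annotations") or {}
        ref = f"{meta.get('namespace')}/{meta.get('name')}"
        internal, scheme = ann.get(INTERNAL), ann.get(SCHEME)
        if internal is not None and internal.lower() not in ("true", "false"):
            findings.append((ref, f"non-boolean {INTERNAL}={internal!r}; "
                                  "confirm the LB scheme in the AWS console"))
        if scheme is not None and scheme not in ("internal", "internet-facing"):
            findings.append((ref, f"unknown {SCHEME}={scheme!r}"))
        if scheme == "internet-facing" and not spec.get("loadBalancerSourceRanges"):
            findings.append((ref, "internet-facing with no "
                                  "loadBalancerSourceRanges restriction"))
    return findings


if __name__ == "__main__":
    for ref, finding in audit_services(SAMPLE):
        print(f"{ref}: {finding}")
```

To run it against a live cluster, pass the output of `kubectl get svc -A -o json` to `audit_services` instead of `SAMPLE`.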

dveeden added a commit to dveeden/tidb-operator that referenced this issue May 14, 2021
- Remove incorrect `aws-load-balancer-internal`.
- Sets `aws-load-balancer-scheme: internet-facing`.
  This is to match what our examples expect.
- Change the loadbalancer for Grafana from "CLB" (Classic) to "NLB"
  (Network)

Related:
- pingcap#3941
dveeden added a commit to dveeden/tidb-operator that referenced this issue May 14, 2021
- Remove incorrect `aws-load-balancer-internal`.
- Sets `aws-load-balancer-scheme: internet-facing`.
  This is to match what our examples expect.
- Change the loadbalancer for Grafana from "CLB" (Classic) to "NLB"
  (Network)
- Add a LoadBalancer for PD as it hosts the dashboard on
  http://<pd>:2379/dashboard/

Related:
- pingcap#3941
@DanielZhangQD DanielZhangQD added the status/needs-info Further information is required label Jul 16, 2021
@github-actions

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days
