Comments (4)
k8s-ci-robot
commented on June 19, 2024
There are no sig labels on this issue. Please add an appropriate label by using one of the following commands:
/sig <group-name>/wg <group-name>/committee <group-name>
Please see the group list for a listing of the SIGs, working groups, and committees available.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
from kubernetes.
k8s-ci-robot
commented on June 19, 2024
This issue is currently awaiting triage.
If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
from kubernetes.
spyroot
commented on June 19, 2024
I'm closing this case. For the rest, HTTP/2 uses a max segment size in the case of jumbo MTU, i.e., if you have some issue with MTU and a network configured with jumbo MTU. Still, you have slightly less than sufficient offset for overhead, i.e., in the case of some sort of bridge or tunnel, the frame size might exceed, so SYN-ACK never happened. Hence, kube-api webhooks never establish a TLS connection that uses HTTP/2.
I would say the recommended action is to create pods in the Kube system and check MTU at full mtu size to confirm that there is no issue on the network side with jumbo mtu, etc.
b) I still need confirmation, but it looked like PMTU does not work in case you have a bridge interface and uplink some sort of tunnel ( VXLAN, Geneve, etc). Hence, PMTU never kicks in, so SYN-ACK is never completed.
from kubernetes.
spyroot
commented on June 19, 2024
I'm closing this case. For the rest, HTTP/2 uses a max segment size in the case of jumbo MTU, i.e., if you have some issue with MTU and a network configured with jumbo MTU. Still, you have slightly less than sufficient offset for overhead, i.e., in the case of some sort of bridge or tunnel, the frame size might exceed, so SYN-ACK never happened. Hence, kube-api webhooks never establish a TLS connection that uses HTTP/2.
I would say the recommended action is to create pods in the Kube system and check MTU at full mtu size to confirm that there is no issue on the network side with jumbo mtu, etc.
b) I still need confirmation, but it looks like PMTU does not work if you have a bridge interface and uplink some sort of tunnel ( VXLAN, Geneve, etc.). Hence, PMTU never kicks in, so SYN-ACK is never completed.
from kubernetes.
Related Issues (20)
- Kubernets service not distributing traffic in equally , seeing imbalance in traffic . HOT 14
- Publish Markdown for OpenAPI field descriptions using an extension HOT 10
- Enhancement: allow to filter what fields to return from the API HOT 9
- [Failing Test] ci-crio-cgroupv1-node-e2e-conformance (Swap Tests) HOT 3
- [Flaking Test] integration-master (goroutine leak detection) HOT 6
- [Flaking Test] ci-node-e2e (Container Lifecycle) HOT 11
- Migrate existing features to versioned feature gate HOT 4
- verification machinery for compatibility version HOT 3
- [Flaking Test] TestLog/stateful_set_logs_with_all_pods HOT 4
- Pod deleted during image pull still starts HOT 10
- ValidatingAdmissionPolicy objects have different runtime type compared to CRDValidationRules HOT 8
- `kube-proxy`'s `--healthz-bind-address` should support IPv4 and IPv6 simultaneously (dual stack) HOT 24
- Bug: securityContext appArmorProfile unconfined not working with containerd HOT 5
- The old pod log file is not deleted from the /var/log/pods/ directory HOT 14
- Job controller reports the count of terminating pods with unnecessary delay HOT 4
- tracking issue; bump pause to 3.10 HOT 4
- kubernetes-sigs / scheduler-plugins go.mod Error HOT 3
- post-kubernetes-push-image-pause failed to publish version 3.10 HOT 15
- Failure cluster [6bc9e9c5...] HOT 8
- Apiserver log `Forcing xxx watcher close due to unresponsiveness` meaning consultation HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes.