Charts: [stable/redis-ha] Replicas do not initialize with networkpolicy present
Is this a request for help?: Yes
Is this a BUG REPORT or FEATURE REQUEST? (choose one):
Bug Report
Version of Helm and Kubernetes:
Kubernetes: v1.11.3
Helm:
Client: &version.Version{SemVer:"v2.12.1", GitCommit:"02a47c7249b1fc6d8fd3b94e6b4babf9d818144e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.1", GitCommit:"02a47c7249b1fc6d8fd3b94e6b4babf9d818144e", GitTreeState:"clean"}
Which chart:
stable/redis-ha
What happened:
When applying the following network policy (which only allows ingress and egress traffic to redis pods in the same namespace), the replica pods fail to initialize with the following config-init container logs:
Could not connect to Redis at redis-io-redis-ha:26379: Try again
Initializing config..
/readonly-config/init.sh: line 91: Could not resolve the announce ip for this pod: not found
networkpolicy.yaml:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: redis-io
spec:
podSelector:
matchLabels:
app: redis-ha
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector: {}
egress:
- to:
- podSelector: {}
What you expected to happen:
Redis should be able to initialize a cluster with the above network policy in place. The cluster is behaving as if it cannot talk to itself. Perhaps I am not writing the network policy properly?
How to reproduce it (as minimally and precisely as possible):
- Apply above network policy manifest.
- Deploy redis-ha chart to same namespace as network policy.
Anything else we need to know:
We're trying to configure a network policy to control which pods have access to the redis cluster because setting a password doesn't work (liveness probe fails since it does not specify AUTH key on request, which is another issue I'll probably open separately). Network policies also apparently do not work, unless I apply the network policy AFTER each replica is running.
gbates101
All 8 comments
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.
![stale[bot] picture](https://avatars.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 3 Mar 2019
I'm getting similar error, I'm using latest version of redis-ha chart
Kubernetes version: v 1.12.3
Could not connect to Redis at redis-ha:26379: Try again
Initializing config..
/readonly-config/init.sh: line 84: Could not resolve the announce ip for this pod: not found
rammaram06
on 15 Mar 2019
me to锛宼he same error.
runstrider
on 4 Apr 2019
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.
stale[bot]
on 4 May 2019
This issue is being automatically closed due to inactivity.
stale[bot]
on 18 May 2019
@gbates101 How did you sorted this out? I got the exact same issue.
big-kahuna-burger
on 19 Oct 2019
@gbates101 how did you address this? I'm having the same issue
dnascimento
on 19 Nov 2019
@big-kahuna-burger @dnascimento I had to apply the network policy _after_ I installed redis. Seems to work fine in that case, though I never tested redis pod restarts with that setup.
gbates101
on 19 Nov 2019
Related issues
tdcox
路
3Comments
rajkumar49
路
3Comments
kminehart
路
3Comments
vsliouniaev
路
3Comments
paskal
路
3Comments