Change name of mirrored service

[Flou21]

Hello there

I have a problem with the generated name of a mirrored service

Problem

My main cluster is running in the eu, there runs a kafka cluster. Now I created a little cluster in the us, that should access the kafka cluster in the eu. I have installed linkerd with mutlicluster functionality. For most services this works out of the box. But I have a problem with kafka. The kafka cluster consists of the 3 instances.

When a pod in the us wants to connect to kafka, the pod uses the service kafka-helm-default.kafka. kafka-helm-default is the name of the mirrored service and kafka is the namespace. The initial request works but then kafka returns, that an individual kafka instance listens on kafka-helm-0.kafka-helm.kafka. This is the pod kafka-helm-0, the service kafka-helm but the -default is missing because in the eu cluster (which is the default cluster), and the namespace kafka is the same again.

So my problem is, that in the eu cluster the name of the service is kafka-helm and in the us cluster the name is kafka-helm-default. Can I rename the name of the mirrored service that linkerd generates or does the name have to be `-?

I did not find anything in the documentation and don't know what else I can do. Sorry for the confusing naming helm and default when I created the cluster I did not know that I will build a multicluster some day.

[olix0r]

@Flou21 You may be able to create a TrafficSplit to redirect traffic from another logical name to the mirrored service?

[Flou21]

Thanks for the quick reply.
I created the TrafficSplit

apiVersion: split.smi-spec.io/v1alpha1
kind: TrafficSplit
metadata:
  name: kafka-helm-headless-traffic-split
  namespace: sky
spec:
  service: kafka-helm-headless
  backends:
  - service: kafka-helm-headless-default
    weight: 1000m

but i it does not work, I still get the following error message.

Name or service not known (after 2ms in state CONNECT, 4 identical error(s) suppressed)
%3|1634984769.754|ERROR|rdkafka#consumer-3| [thrd:app]: rdkafka#consumer-3: GroupCoordinator: kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092: Failed to resolve 'kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092': Name or service not known (after 2ms in state CONNECT, 4 identical error(s) suppressed)
%3|1634984801.447|FAIL|rdkafka#consumer-1| [thrd:GroupCoordinator]: GroupCoordinator: kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092: Failed to resolve 'kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092': Name or service not known (after 3ms in state CONNECT, 4 identical error(s) suppressed)
%3|1634984801.447|ERROR|rdkafka#consumer-1| [thrd:app]: rdkafka#consumer-1: GroupCoordinator: kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092: Failed to resolve 'kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092': Name or service not known (after 3ms in state CONNECT, 4 identical error(s) suppressed)
%3|1634984806.656|FAIL|rdkafka#consumer-2| [thrd:GroupCoordinator]: GroupCoordinator: kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092: Failed to resolve 'kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092': Name or service not known (after 3ms in state CONNECT, 4 identical error(s) suppressed)
%3|1634984806.656|ERROR|rdkafka#consumer-2| [thrd:app]: rdkafka#consumer-2: GroupCoordinator: kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092: Failed to resolve 'kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092': Name or service not known (after 3ms in state CONNECT, 4 identical error(s) suppressed)
%3|1634984808.048|FAIL|rdkafka#consumer-3| [thrd:GroupCoordinator]: GroupCoordinator: kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092: Failed to resolve 'kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092': Name or service not known (after 2ms in state CONNECT, 4 identical error(s) suppressed)
%3|1634984808.048|ERROR|rdkafka#consumer-3| [thrd:app]: rdkafka#consumer-3: GroupCoordinator: kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092: Failed to resolve 'kafka-helm-0.kafka-helm-headless.kafka.svc.cluster.local:9092': Name or service not known (after 2ms in state CONNECT, 4 identical error(s) suppressed)

[Flou21]

Another message from me.

I changed the traffic split configuration again and now it works a bit better than before but not completly.
I created following TrafficSplits and Services

apiVersion: split.smi-spec.io/v1alpha1
kind: TrafficSplit
metadata:
  name: kafka-helm-traffic-split
  namespace: sky
spec:
  service: kafka-helm
  backends:
  - service: kafka-helm-default.kafka
    weight: 1000m
---
apiVersion: v1
kind: Service
metadata:
  name: kafka-helm
  namespace: sky
spec:
  ports:
  - port: 9092
    targetPort: 9092
---
apiVersion: split.smi-spec.io/v1alpha1
kind: TrafficSplit
metadata:
  name: kafka-helm-headless-traffic-split
  namespace: sky
spec:
  service: kafka-helm-headless
  backends:
  - service: kafka-helm-headless-default.kafka
    weight: 1000m
---
apiVersion: v1
kind: Service
metadata:
  name: kafka-helm-headless
  namespace: sky
spec:
  ports:
  - port: 9092
    targetPort: 9092

and now i get this output

ommands listening to unavailibily topics                                                                                                                                                                  │ 1 │
│ commands starting to listen for config changes topic sky-settings                                                                                                                                          │19 │
│ commands started http                                                                                                                                                                                      │ 1 │
│ commands subscribed to sky-settings                                                                                                                                                                        │19 │
│ commands subscribed to sky-endedauction,sky-soldauction,sky-canceledauction
commands starting to listen for new auctions via topic sky-topic-flip                                                                                                                                    │
│ commands subscribed to sky-topic-flip                                                                                                                                                                      │19 │
│ commands info: Microsoft.Hosting.Lifetime[0]                                                                                                                                                               │ 1 │
│ commands       Now listening on: http://[::]:80                                                                                                                                                            │19 │
│ commands info: Microsoft.Hosting.Lifetime[0]                                                                                                                                                               │ 1 │
│ commands       Application started. Press Ctrl+C to shut down.                                                                                                                                             │17 │
│ commands info: Microsoft.Hosting.Lifetime[0]                                                                                                                                                               │ 1 │
│ commands       Hosting environment: Production                                                                                                                                                             │19 │
│ commands info: Microsoft.Hosting.Lifetime[0]                                                                                                                                                               │ 1 │
│ commands       Content root path: /app                                                                                                                                                                     │18 │
│ linkerd-proxy [    15.599495s]  WARN ThreadId(01) server{orig_dst=10.43.146.48:9092}: linkerd_timeout::failfast: TCP Logical entering failfast after 3s                                                    │───┘
│ linkerd-proxy [    15.599688s]  INFO ThreadId(01) linkerd_app_core::serve: Connection closed error=TCP Logical service in fail-fast                                                                        │    
│ linkerd-proxy [    15.599703s]  INFO ThreadId(01) linkerd_app_core::serve: Connection closed error=TCP Logical service in fail-fast                                                                        │    
│ linkerd-proxy [    15.599709s]  INFO ThreadId(01) linkerd_app_core::serve: Connection closed error=TCP Logical service in fail-fast                                                                        │
│ commands %6|1634993873.320|FAIL|rdkafka#consumer-2| [thrd:kafka-helm:9092/bootstrap]: kafka-helm:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol  │
│ commands %6|1634993873.320|FAIL|rdkafka#consumer-1| [thrd:kafka-helm:9092/bootstrap]: kafka-helm:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol  │
│ commands %3|1634993873.320|ERROR|rdkafka#consumer-1| [thrd:kafka-helm:9092/bootstrap]: 1/1 brokers are down                                                                                                │
│ commands %3|1634993873.320|ERROR|rdkafka#consumer-2| [thrd:app]: rdkafka#consumer-2: kafka-helm:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol c │
│ commands %3|1634993873.320|ERROR|rdkafka#consumer-2| [thrd:kafka-helm:9092/bootstrap]: 1/1 brokers are down                                                                                                │
│ commands %3|1634993873.320|ERROR|rdkafka#consumer-1| [thrd:app]: rdkafka#consumer-1: kafka-helm:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol c │
│ commands %6|1634993873.320|FAIL|rdkafka#consumer-3| [thrd:kafka-helm:9092/bootstrap]: kafka-helm:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol  │
│ commands %3|1634993873.320|ERROR|rdkafka#consumer-3| [thrd:kafka-helm:9092/bootstrap]: 1/1 brokers are down                                                                                                │
│ commands %3|1634993873.320|ERROR|rdkafka#consumer-3| [thrd:app]: rdkafka#consumer-3: kafka-helm:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol c │
│

the subscribe seems to work, but I have another problem with security.protocol but I'm working on it.
I just wanted to send the progress

[Flou21]

I have now the same problem as before but a better error message.
I am not bound to kafka so I tried using a redis cluster for the same target.
After creating the redis cluster in my default cluster I created the mirrored services.

Now I have the same problem as before, a service wants to access redis so it calls redis-headless-default.redis.svc.cluster.local. It get's a response that there are 3 redis instances (redis-node-0.redis-headless.redis.svc.cluster.local, redis-node-1.redis-headless.redis.svc.cluster.local, redis-node-2.redis-headless.redis.svc.cluster.local) after that successfull response it takes the master redis instance (in this case instance 1) and tries to communicate with it. But that request fails, because redis-node-1.redis-headless.redis.svc.cluster.local is not a valid hostname in the mirrored cluster.

I tried to create the TrafficSplits to redirect the traffic but it didn't work. If anyone has another idea please tell me.

Here is the redis error log just in case.

redis: 2021/10/30 14:44:12 sentinel.go:700: sentinel: discovered new sentinel="redis-node-2.redis-headless.redis.svc.cluster.local:26379" for master="mymaster"
redis: 2021/10/30 14:44:12 sentinel.go:700: sentinel: discovered new sentinel="redis-node-0.redis-headless.redis.svc.cluster.local:26379" for master="mymaster"
redis: 2021/10/30 14:44:12 sentinel.go:661: sentinel: new master="mymaster" addr="redis-node-1.redis-headless.redis.svc.cluster.local:6379"
{"level":"error","error":"dial tcp: lookup redis-node-1.redis-headless.redis.svc.cluster.local: no such host","time":1635605052,"message":"error when saving articles to redis"}
{"level":"error","error":"dial tcp: lookup redis-node-1.redis-headless.redis.svc.cluster.local: no such host","time":1635605052,"message":"there was an error when saving articles in redis"}
{"level":"fatal","error":"dial tcp: lookup redis-node-1.redis-headless.redis.svc.cluster.local: no such host","time":1635605052,"message":"scraper exited"}
exit status 1

[mateiidavid]

Hey @Flou21, let me see if I understand this correctly:

• You have Redis installed in a cluster (we will call it target). You have a headless service for it and 3 pods. You want to mirror this in a different cluster (we will call it a source cluster).
• In your source cluster, your client calls redis-headless-default.redis.svc.cluster.local. Redis' own discovery reports there are three instance: redis-node-0, redis-node-1, and redis-node-2. This means you are able with a client from your source cluster to discover all nodes in your target cluster.
• When you try to connect to a redis node from your source cluster this fails with no such host.

Is this correct? Have you installed the multicluster extension with StatefulSet feature enabled? I'd like to verify everything is set up properly, it would help if you would list the endpoints and services you have mirrored in your source cluster:

$ kubectl get service -n redis 
# want to see the output for this

$ kubectl get ep -n redis
# want to see endpoints for services

$ kubectl get ep redis-headless -o yaml
# want to see output for headless endpoints object

It seems to me to be the same problem as with Kafka. Oliver mentioned having a TrafficSplit resource in your source cluster. Have you created one? How does it look like?

Note: in this case, it might be necessary to also include the actual hosts in the TrafficSplit resource, not just the headless service. It seems the headless service is queried fine by your client in the source cluster, but unless you also add the hosts under the headless service, you will run into the same issue (i.e calling redis-node-1.redis-headless-default.redis.svc.cluster.local instead of redis-node-1.redis-headless.redis.svc.cluster.local).

[Flou21]

Hello @mateiidavid

You understood that correctly.
in the meantime I also think that it could be because the Statefulset feature is not enabled.

I think you are referring to this guide: https://linkerd.io/2.11/tasks/multicluster-using-statefulsets/
Since k3d version 5 this guide seems outdated, because of breaking changes with k3d. (#7196)

Here are the commands you wanted to see

❯ k get svc -n redis
NAME             TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)              AGE
redis            ClusterIP   10.104.155.120   <none>        6379/TCP,26379/TCP   4m23s
redis-headless   ClusterIP   None             <none>        6379/TCP,26379/TCP   4m23s
redis-metrics    ClusterIP   10.104.71.167    <none>        9121/TCP             4m23s

❯ k get ep -n redis
NAME             ENDPOINTS                                                       AGE
redis            10.0.17.252:6379,10.0.19.175:6379,10.0.20.39:6379 + 3 more...   4m42s
redis-headless   10.0.17.252:6379,10.0.19.175:6379,10.0.20.39:6379 + 3 more...   4m42s
redis-metrics    10.0.17.252:9121,10.0.19.175:9121,10.0.20.39:9121               4m42s

❯ k get ep -n redis redis-headless -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  creationTimestamp: "2021-11-02T06:21:38Z"
  labels:
    app.kubernetes.io/instance: redis
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: redis
    helm.sh/chart: redis-15.5.3
    mirror.linkerd.io/exported: "true"
    service.kubernetes.io/headless: ""
  name: redis-headless
  namespace: redis
  resourceVersion: "18696504"
  uid: 747b6f5e-cc4b-4d41-9c14-973b6fc290f7
subsets:
- addresses:
  - hostname: redis-node-1
    ip: 10.0.17.252
    nodeName: vmd79118.contaboserver.net
    targetRef:
      kind: Pod
      name: redis-node-1
      namespace: redis
      resourceVersion: "18695975"
      uid: bafc1527-e4a1-4b93-b03a-294fb217876d
  - hostname: redis-node-0
    ip: 10.0.19.175
    nodeName: vmd47578.contaboserver.net
    targetRef:
      kind: Pod
      name: redis-node-0
      namespace: redis
      resourceVersion: "18695763"
      uid: 8a4ff7f9-7ca2-4377-bf48-95d649d85ddf
  - hostname: redis-node-2
    ip: 10.0.20.39
    nodeName: vmd67819.contaboserver.net
    targetRef:
      kind: Pod
      name: redis-node-2
      namespace: redis
      resourceVersion: "18696118"
      uid: af4584bf-9078-4963-afd2-82d9aba543eb
  ports:
  - name: tcp-redis
    port: 6379
    protocol: TCP
  - name: tcp-sentinel
    port: 26379
    protocol: TCP

~/dev/kube/redis main *1 !6 ?5                                                                                                              ○ default 07:25:13
❯ k get svc --context us -n redis
NAME                     TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)              AGE
redis-default            ClusterIP   10.43.98.18   <none>        6379/TCP,26379/TCP   27s
redis-headless-default   ClusterIP   10.43.14.81   <none>        6379/TCP,26379/TCP   22s

~/dev/kube/redis main *1 !6 ?5                                                                                                                        07:25:23
❯ clear
~/dev/kube/redis main *1 !6 ?5                                                                                                              ○ default 07:25:36
❯ k get svc -n redis
NAME             TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)              AGE
redis            ClusterIP   10.104.155.120   <none>        6379/TCP,26379/TCP   4m23s
redis-headless   ClusterIP   None             <none>        6379/TCP,26379/TCP   4m23s
redis-metrics    ClusterIP   10.104.71.167    <none>        9121/TCP             4m23s

~/dev/kube/redis main *1 !6 ?5                                                                                                              ○ default 07:26:01
❯ k get ep -n redis
NAME             ENDPOINTS                                                       AGE
redis            10.0.17.252:6379,10.0.19.175:6379,10.0.20.39:6379 + 3 more...   4m42s
redis-headless   10.0.17.252:6379,10.0.19.175:6379,10.0.20.39:6379 + 3 more...   4m42s
redis-metrics    10.0.17.252:9121,10.0.19.175:9121,10.0.20.39:9121               4m42s

~/dev/kube/redis main *1 !6 ?5                                                                                                              ○ default 07:26:20
❯ k get ep -n redis redis-headless -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  creationTimestamp: "2021-11-02T06:21:38Z"
  labels:
    app.kubernetes.io/instance: redis
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: redis
    helm.sh/chart: redis-15.5.3
    mirror.linkerd.io/exported: "true"
    service.kubernetes.io/headless: ""
  name: redis-headless
  namespace: redis
  resourceVersion: "18696504"
  uid: 747b6f5e-cc4b-4d41-9c14-973b6fc290f7
subsets:
- addresses:
  - hostname: redis-node-1
    ip: 10.0.17.252
    nodeName: vmd79118.contaboserver.net
    targetRef:
      kind: Pod
      name: redis-node-1
      namespace: redis
      resourceVersion: "18695975"
      uid: bafc1527-e4a1-4b93-b03a-294fb217876d
  - hostname: redis-node-0
    ip: 10.0.19.175
    nodeName: vmd47578.contaboserver.net
    targetRef:
      kind: Pod
      name: redis-node-0
      namespace: redis
      resourceVersion: "18695763"
      uid: 8a4ff7f9-7ca2-4377-bf48-95d649d85ddf
  - hostname: redis-node-2
    ip: 10.0.20.39
    nodeName: vmd67819.contaboserver.net
    targetRef:
      kind: Pod
      name: redis-node-2
      namespace: redis
      resourceVersion: "18696118"
      uid: af4584bf-9078-4963-afd2-82d9aba543eb
  ports:
  - name: tcp-redis
    port: 6379
    protocol: TCP
  - name: tcp-sentinel
    port: 26379
    protocol: TCP

I tried creating all variants of TrafficSplits.

apiVersion: split.smi-spec.io/v1alpha1
kind: TrafficSplit
metadata:
  name: redis-headless-0
  namespace: default
spec:
  service: redis-headless.redis.svc.cluster.local
  backends:
  - service: redis-headless-default.redis.svc.cluster.local
    weight: 1000m
  - service: redis-headless.redis.svc.cluster.local
    weight: 0m
---
apiVersion: split.smi-spec.io/v1alpha1
kind: TrafficSplit
metadata:
  name: redis-headless-0
  namespace: redis
spec:
  service: redis-headless.redis.svc.cluster.local
  backends:
  - service: redis-headless-default.redis.svc.cluster.local
    weight: 1000m
  - service: redis-headless.redis.svc.cluster.local
    weight: 0m
---
apiVersion: split.smi-spec.io/v1alpha1
kind: TrafficSplit
metadata:
  name: redis-headless-node-0
  namespace: default
spec:
  service: redis-node-0.redis-headless.redis.svc.cluster.local
  backends:
  - service: redis-node-0.redis-headless-default.redis.svc.cluster.local
    weight: 1000m
---
apiVersion: split.smi-spec.io/v1alpha1
kind: TrafficSplit
metadata:
  name: redis-headless-0-node-0
  namespace: redis
spec:
  service: redis-node-0.redis-headless.redis.svc.cluster.local
  backends:
  - service: redis-node-0.redis-headless-default.redis.svc.cluster.local
    weight: 1000m

and the same for the other nodes.

I tried creating more TrafficSplits but they didn't work and then I deleted them.
I tried creating all possible variants that could help

[mateiidavid]

Hey @Flou21,

Is your environment k3d at the moment? It seems that you have managed to successfully set up a multicluster environment, so you can follow the rest of the steps that pertain to the StatefulSet feature. The outdated part you mentioned has to do with setting up the k3d clusters and shouldn't impact the rest of the workflow.

To be a bit more specific, to enable the feature, you can simply re-link your 2 clusters in your existing environment. You'd link them in the same way you have done before, with an additional install option:

linkerd multicluster link --set "enableHeadlessServices=true"

Without the feature enabled, you won't actually have any hosts so you can directly communicate with the pods, you will only have the core headless service. I'd suggest re-linking with the feature enabled and then trying again. You'll notice a difference in the set-up if you execute the same commands (e.g get ep, get services) once your service is mirrored as headless.

[Flou21]

Hello @mateiidavid

My "main" cluster in the eu is normal k8s on rented servers.
The "us" cluster is a k3s cluster running on a single vm on a rented server.

I will try to relink the clusters with this option today, maybe this is the only missing option.
However I have to go to work now, so I will tell you the result later today.

[Flou21]

hey @mateiidavid

I reinstalled linkerd with multicluster and linked the clusters again.

It looks better now, but it still does not work.

I now have these services in my "us" cluster.

redis-headless-default   ClusterIP   None            <none>        6379/TCP,26379/TCP   20m
redis-default            ClusterIP   10.43.158.73    <none>        6379/TCP,26379/TCP   20m
redis-node-0-default     ClusterIP   10.43.210.221   <none>        6379/TCP,26379/TCP   17m
redis-node-1-default     ClusterIP   10.43.136.184   <none>        6379/TCP,26379/TCP   16m
redis-node-2-default     ClusterIP   10.43.254.130   <none>        6379/TCP,26379/TCP   15m

this are the services in my "default" cluster

❯ k get svc -n redis
NAME             TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)              AGE
redis            ClusterIP   10.96.250.228   <none>        6379/TCP,26379/TCP   23m
redis-headless   ClusterIP   None            <none>        6379/TCP,26379/TCP   23m
redis-metrics    ClusterIP   10.107.81.133   <none>        9121/TCP             23m

endpoints:

❯ k get ep -n redis
NAME             ENDPOINTS                                                        AGE
redis            10.0.16.171:6379,10.0.17.244:6379,10.0.19.228:6379 + 3 more...   24m
redis-headless   10.0.16.171:6379,10.0.17.244:6379,10.0.19.228:6379 + 3 more...   24m
redis-metrics    10.0.16.171:9121,10.0.17.244:9121,10.0.19.228:9121               24m

yaml for the service

❯ kubectl get ep redis-headless -n redis -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    endpoints.kubernetes.io/last-change-trigger-time: "2021-11-02T19:02:11Z"
  creationTimestamp: "2021-11-02T18:56:00Z"
  labels:
    app.kubernetes.io/instance: redis
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: redis
    helm.sh/chart: redis-15.5.3
    mirror.linkerd.io/exported: "true"
    service.kubernetes.io/headless: ""
  name: redis-headless
  namespace: redis
  resourceVersion: "18897029"
  uid: f4a78392-60b9-4a5c-b27a-41fd90c729f5
subsets:
- addresses:
  - hostname: redis-node-0
    ip: 10.0.16.171
    nodeName: vmd78947.contaboserver.net
    targetRef:
      kind: Pod
      name: redis-node-0
      namespace: redis
      resourceVersion: "18896698"
      uid: 04b2a10e-742b-4b37-b62d-c89ad35d36ac
  - hostname: redis-node-1
    ip: 10.0.17.244
    nodeName: vmd79118.contaboserver.net
    targetRef:
      kind: Pod
      name: redis-node-1
      namespace: redis
      resourceVersion: "18896852"
      uid: f79da026-646c-4c64-a0f1-cef9c0d7715c
  - hostname: redis-node-2
    ip: 10.0.19.228
    nodeName: vmd47578.contaboserver.net
    targetRef:
      kind: Pod
      name: redis-node-2
      namespace: redis
      resourceVersion: "18897022"
      uid: 42084aa3-cc40-4524-afc6-56b54f0d4dd4
  ports:
  - name: tcp-redis
    port: 6379
    protocol: TCP
  - name: tcp-sentinel
    port: 26379
    protocol: TCP

I tried again creating TrafficSplit resources but they didn't work again.
They look something like this:

apiVersion: split.smi-spec.io/v1alpha1
kind: TrafficSplit
metadata:
  name: redis-node-0
  namespace: default
spec:
  service: redis-node-0.redis-headless.redis.svc.cluster.local
  backends:
  - service: redis-node-0-default.redis.svc.cluster.local
    weight: 1000m

for every redis node.

And this is the error message I still get.

{"level":"info","time":1635881072,"message":"request completed"}
redis: 2021/11/02 19:24:33 sentinel.go:700: sentinel: discovered new sentinel="redis-node-2.redis-headless.redis.svc.cluster.local:26379" for master="mymaster"
redis: 2021/11/02 19:24:33 sentinel.go:700: sentinel: discovered new sentinel="redis-node-0.redis-headless.redis.svc.cluster.local:26379" for master="mymaster"
redis: 2021/11/02 19:24:33 sentinel.go:661: sentinel: new master="mymaster" addr="redis-node-1.redis-headless.redis.svc.cluster.local:6379"
{"level":"error","error":"dial tcp: lookup redis-node-1.redis-headless.redis.svc.cluster.local: no such host","time":1635881073,"message":"error when saving articles to redis"}
{"level":"error","error":"dial tcp: lookup redis-node-1.redis-headless.redis.svc.cluster.local: no such host","time":1635881073,"message":"there was an error when saving articles in redis"}
{"level":"fatal","error":"dial tcp: lookup redis-node-1.redis-headless.redis.svc.cluster.local: no such host","time":1635881073,"message":"scraper exited"}
exit status 1

I hope this can help you
If you need anything I can help you just ask.

I appreciate your help so much

[mateiidavid]

Just a quick question to verify whether this would work, can you modify one of the TrafficSplits to be:

  service: redis-node-1.redis-headless.redis.svc.cluster.local
  backends:
  - service: redis-node-1.redis-headless-default.redis.svc.cluster.local
    weight: 1000m

instead of

  service: redis-node-1.redis-headless.redis.svc.cluster.local
  backends:
  - service: redis-node-1-default.redis.svc.cluster.local
    weight: 1000m

I'm curious if setting it directly to the instance will work in this case.

[Flou21]

@mateiidavid
Just to make sure this are the configured traffic splits now.

apiVersion: split.smi-spec.io/v1alpha1
kind: TrafficSplit
metadata:
  name: redis-node-0
  namespace: redis
spec:
  service: redis-node-0.redis-headless.redis.svc.cluster.local
  backends:
  - service: redis-node-0.redis-headless-default.redis.svc.cluster.local
    weight: 1000m
---
apiVersion: split.smi-spec.io/v1alpha1
kind: TrafficSplit
metadata:
  name: redis-node-1-default
  namespace: redis
spec:
  service: redis-node-1.redis-headless.redis.svc.cluster.local
  backends:
  - service: redis-node-1.redis-headless-default.redis.svc.cluster.local
    weight: 1000m
---
apiVersion: split.smi-spec.io/v1alpha1
kind: TrafficSplit
metadata:
  name: redis-node-2
  namespace: redis
spec:
  service: redis-node-2.redis-headless.redis.svc.cluster.local
  backends:
  - service: redis-node-2.redis-headless-default.redis.svc.cluster.local
    weight: 1000m

I still get the same error message.

redis: 2021/11/03 15:27:12 sentinel.go:700: sentinel: discovered new sentinel="redis-node-2.redis-headless.redis.svc.cluster.local:26379" for master="mymaster"
redis: 2021/11/03 15:27:12 sentinel.go:700: sentinel: discovered new sentinel="redis-node-0.redis-headless.redis.svc.cluster.local:26379" for master="mymaster"
redis: 2021/11/03 15:27:12 sentinel.go:661: sentinel: new master="mymaster" addr="redis-node-2.redis-headless.redis.svc.cluster.local:6379"
{"level":"error","error":"dial tcp: lookup redis-node-2.redis-headless.redis.svc.cluster.local: no such host","time":1635953232,"message":"error when saving articles to redis"}
{"level":"error","error":"dial tcp: lookup redis-node-2.redis-headless.redis.svc.cluster.local: no such host","time":1635953232,"message":"there was an error when saving articles in redis"}
{"level":"fatal","error":"dial tcp: lookup redis-node-2.redis-headless.redis.svc.cluster.local: no such host","time":1635953232,"message":"scraper exited"}
exit status 1

Is there an intended way to configure this type of multi cluster communication.
I have this problem now with kafka and redis and I think there are many more applications with this problem

[mateiidavid]

So, I've looked into this a bit. My guess is that DNS isn't properly configured in your us cluster, which is why the hosts are not found (even though we do have services for them). Would you mind sharing your Redis manifests so I can give this a try in my own env? It would be easier for me to reproduce this.

Out of curiosity though, what FQDN is your us client connection to? e.g let's say you have a Go client that wants to connect to the mirror service in US (which in turn calls Redis in default). Does it try to connect to redis-headless.redis.svc.cluster.local or to redis-headless-default.(...).cluster.local? If you change it to connect to the 2nd one instead, does it work, or do you get the same result?

[Flou21]

I use the bitnami redis helm chart version 6.2.6 (https://github.com/bitnami/charts/tree/master/bitnami/redis)
with this values file: https://gist.github.com/Flou21/7cbfdd9e5a14551af9029bf607f7a8cd

output from the pod in the us cluster:

app> nslookup kubernetes
Server:		10.43.0.10
Address:	10.43.0.10#53

Name:	kubernetes.default.svc.cluster.local
Address: 10.43.0.1

app> nslookup redis-default.redis
Server:		10.43.0.10
Address:	10.43.0.10#53

Name:	redis-default.redis.svc.cluster.local
Address: 10.43.158.73

I get the same error message when I want to connect to redis-default.redis.svc.cluster.local.

Hope this helps

[Flou21]

@mateiidavid were you able to reproduce the problem?

[Flou21]

@mateiidavid I really don't want to annoy you, but the issue is still relevant and I don't know what i should do

[mateiidavid]

@mateiidavid I really don't want to annoy you, but the issue is still relevant and I don't know what i should do

Hey @Flou21, I'm sorry I kept you waiting. I had a couple of pressing things to do since I last replied and I haven't had any time to look into this. I got around to it today, but unfortunately I wasn't able to reproduce this. I'll put all of my steps down here so we can go through them together.

• Spun up two clusters: east, and west. Both of them are in k3d for me, I installed Linkerd and linked the two clusters with statefulset support. At the end, I tested statefulset works by curling a single endpoint from my east cluster (the endpoint was in the west). For the rest of this post, east will be my src cluster (where my client is), and west will be my target cluster, where the requests end up in.
• Installed redis: I used the helm chart and values you have provided (thank you for that!). I installed redis through helm. At first, my statefulset wouldn't come up -- this had to do with the liveness and readiness probes. I ended up deleting them, since (weirdly enough) the redis container was working. I took the checks out and my redis pods came up nicely.

# in my west cluster
:; k get po
NAME           READY   STATUS    RESTARTS   AGE
nginx-set-2    2/2     Running   0          15m
nginx-set-1    2/2     Running   0          14m
nginx-set-0    2/2     Running   0          14m
redis-node-0   3/3     Running   5          8m35s
redis-node-2   3/3     Running   5          8m14s
redis-node-1   3/3     Running   5          8m24s

# all nodes log this
16:20:13.35 WARN  ==> redis-headless.default.svc.cluster.local does not contain the IP of this pod: 10.42.0.26

# this is weird, the endpoints object for sure contains the IP address
# not sure why it's complaining about it, but it's also out of scope here
# not likely it was introduced by us.

• Exported redis: through kubectl label service/redis-headless "mirror.linkerd.io/exported=true". In my east cluster, I also deployed a redis-client pod. Here's the state in my east cluster:

# In east, list pods
:; k get po
NAME                    READY   STATUS    RESTARTS   AGE
curl-56dc7d945d-2tmpp   2/2     Running   0          44m
redis-client            2/2     Running   0          25m

# In east, list services
# we expect here 4 services for redis: one for headless
# and 3 for each node we have (3 in total).
:; k get svc
NAME                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)              AGE
kubernetes            ClusterIP   10.43.0.1       <none>        443/TCP              90m
nginx-svc-west        ClusterIP   None            <none>        80/TCP               43m
redis-headless-west   ClusterIP   None            <none>        6379/TCP,26379/TCP   28m
nginx-set-2-west      ClusterIP   10.43.41.196    <none>        80/TCP               17m
nginx-set-1-west      ClusterIP   10.43.109.50    <none>        80/TCP               17m
nginx-set-0-west      ClusterIP   10.43.210.204   <none>        80/TCP               17m
redis-node-0-west     ClusterIP   10.43.174.118   <none>        6379/TCP,26379/TCP   11m
redis-node-1-west     ClusterIP   10.43.141.222   <none>        6379/TCP,26379/TCP   11m
redis-node-2-west     ClusterIP   10.43.221.17    <none>        6379/TCP,26379/TCP   11m

• Testing connectivity: so far so good. It seems our service was exported from west to east, so all that's left here is for me to connect to redis using the client and see whether we get anything back. I exec'd onto my redis-client pod and tried to connect to the mirror host on its port. Since we connect to the mirror -- in my case, redis-headless-west -- we expect our client to talk to the redis instance in west:

# All commands happen in east cluster
# Connect to redis-client
:; kubectl exec --tty -i redis-client \
          --namespace default -c redis-client -- bash

# Inside container now, we can try to connect to mirror host
I have no name!@redis-client:/$ redis-cli -h redis-headless-west.default.svc.east.cluster.local -p 6379

# Start sending commands
redis-headless-west.default.svc.east.cluster.local:6379> ping
PONG
redis-headless-west.default.svc.east.cluster.local:6379>
redis-headless-west.default.svc.east.cluster.local:6379> ping
PONG
redis-headless-west.default.svc.east.cluster.local:6379> EXISTS foo
(integer) 0
redis-headless-west.default.svc.east.cluster.local:6379> SET foo 1
OK
redis-headless-west.default.svc.east.cluster.local:6379> EXISTS foo
(integer) 1
redis-headless-west.default.svc.east.cluster.local:6379> exit
I have no name!@redis-client:/$ exit

That concludes my investigation, for now. You'll notice at the end, we got a pong back from redis. We also checked if a key exists, set a value and then checked if it exists again. All of these commands worked for me from a redis-client pod in the source cluster; the cluster where redis wasn't deployed. The redis instance here came from west.

At one point, I got this from sentinel:

*** FATAL CONFIG FILE ERROR (Redis 6.2.6) ***
Reading the configuration file, at line 3
>>> 'sentinel monitor mymaster redis-node-0.redis-headless.default.svc.cluster.local 6379 2'
Can't resolve instance hostname.

Also, for some reason redis signals the headless service does not contain the IP of the pod (which is definitely untrue). Could it perhaps be the Bitnami chart? From my side, the target cluster should have no issues with service discovery. The mirror service will just act as an endpoint to the server for your client, so it wouldn't need to do service discovery itself. More than happy to answer more questions here or help you further :)

[Flou21]

Thank you very much, I really appreciate your help.

I will try installing redis without the bitnami chart and will tell you the results.

[mateiidavid]

Please do! I'd like to understand what doesn't work in your set-up and see if there are any obvious faults on our side, or any painpoints associated with running statefulset workloads across clusters.

[Flou21]

I recreated my setup.
One k8s cluster in europe and one k3s cluster in us, installed linkerd and linked the clusters.

I deployed redis to my europe cluster and started a pod with redis-cli in the us cluster.
From the pod in the us cluster I was able to connect to the redis instance in europe, just like you.

Then I tried to deploy my application, which uses redis and kafka but the application is unable to connect to kafka or redis.
part of the logs:

%3|1638305187.895|ERROR|rdkafka#consumer-1| [thrd:kafka-helm-headless-europe.kafka:9092/bootstrap]: 1/1 brokers are down
%6|1638305187.911|FAIL|rdkafka#consumer-2| [thrd:kafka-helm-headless-europe.kafka:9092/bootstrap]: kafka-helm-headless-europe.kafka:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol configuration (connecting to a SSL listener?) or broker version is < 0.10 (see api.version.request) (after 132ms in state APIVERSION_QUERY)
%3|1638305187.911|ERROR|rdkafka#consumer-2| [thrd:kafka-helm-headless-europe.kafka:9092/bootstrap]: 1/1 brokers are down
%3|1638305187.916|ERROR|rdkafka#consumer-2| [thrd:app]: rdkafka#consumer-2: kafka-helm-headless-europe.kafka:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol configuration (connecting to a SSL listener?) or broker version is < 0.10 (see api.version.request) (after 132ms in state APIVERSION_QUERY)
%6|1638305188.009|FAIL|rdkafka#consumer-3| [thrd:kafka-helm-headless-europe.kafka:9092/bootstrap]: kafka-helm-headless-europe.kafka:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol configuration (connecting to a SSL listener?) or broker version is < 0.10 (see api.version.request) (after 129ms in state APIVERSION_QUERY)
%3|1638305188.009|ERROR|rdkafka#consumer-3| [thrd:kafka-helm-headless-europe.kafka:9092/bootstrap]: 1/1 brokers are down
%3|1638305188.009|ERROR|rdkafka#consumer-3| [thrd:app]: rdkafka#consumer-3: kafka-helm-headless-europe.kafka:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol configuration (connecting to a SSL listener?) or broker version is < 0.10 (see api.version.request) (after 129ms in state APIVERSION_QUERY)
%6|1638305188.177|FAIL|rdkafka#consumer-2| [thrd:kafka-helm-headless-europe.kafka:9092/bootstrap]: kafka-helm-headless-europe.kafka:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol configuration (connecting to a SSL listener?) or broker version is < 0.10 (see api.version.request) (after 126ms in state APIVERSION_QUERY, 1 identical error(s) suppressed)
%3|1638305188.177|ERROR|rdkafka#consumer-2| [thrd:kafka-helm-headless-europe.kafka:9092/bootstrap]: 1/1 brokers are down
%3|1638305188.177|ERROR|rdkafka#consumer-2| [thrd:app]: rdkafka#consumer-2: kafka-helm-headless-europe.kafka:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol configuration (connecting to a SSL listener?) or broker version is < 0.10 (see api.version.request) (after 126ms in state APIVERSION_QUERY, 1 identical error(s) suppressed)
%6|1638305188.262|FAIL|rdkafka#consumer-3| [thrd:kafka-helm-headless-europe.kafka:9092/bootstrap]: kafka-helm-headless-europe.kafka:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol configuration (connecting to a SSL listener?) or broker version is < 0.10 (see api.version.request) (after 126ms in state APIVERSION_QUERY, 1 identical error(s) suppressed)
%3|1638305188.265|ERROR|rdkafka#consumer-3| [thrd:kafka-helm-headless-europe.kafka:9092/bootstrap]: 1/1 brokers are down
%3|1638305188.268|ERROR|rdkafka#consumer-3| [thrd:app]: rdkafka#consumer-3: kafka-helm-headless-europe.kafka:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol configuration (connecting to a SSL listener?) or broker version is < 0.10 (see api.version.request) (after 126ms in state APIVERSION_QUERY, 1 identical error(s) suppressed)
crit: Microsoft.AspNetCore.Hosting.Diagnostics[6]
      Application startup exception
      StackExchange.Redis.RedisConnectionException: It was not possible to connect to the redis server(s). SocketFailure (ReadSocketError/ConnectionReset, 0-read, last-recv: 0) on redis-headless-europe.redis:6379/Interactive, Flushed/Faulted, last: ECHO, origin: ReadFromPipe, outstanding: 8, last-read: 0s ago, last-write: 0s ago, keep-alive: 60s, state: ConnectedEstablishing, mgr: 9 of 10 available, last-heartbeat: never, global: 2s ago, v: 2.2.4.27433
         at StackExchange.Redis.ConnectionMultiplexer.ConnectImpl(ConfigurationOptions configuration, TextWriter log) in /_/src/StackExchange.Redis/ConnectionMultiplexer.cs:line 1163
         at StackExchange.Redis.ConnectionMultiplexer.Connect(ConfigurationOptions configuration, TextWriter log) in /_/src/StackExchange.Redis/ConnectionMultiplexer.cs:line 1032
         at SkyCommands.Startup.<>c__DisplayClass4_0.<ConfigureServices>b__5(IServiceProvider provider) in /build/SkyCommand/Startup.cs:line 78
         at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
         at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
         at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitCache(ServiceCallSite callSite, RuntimeResolverContext context, ServiceProviderEngineScope serviceProviderEngine, RuntimeResolverLock lockType)

I don't know why this happens, I'll keep trying tomorrow.
But this is my current situation

[boedy]

I've been running into the same issue trying to access a Kafka cluster through the multi-cluster extension. As far as I know when connecting to Kafka you first connect with a bootstrap node. This can be any of the nodes. (I believe) the bootstrap node will then reply with the dns records on which all brokers can be reached. Herein lies the problem. The Kafka brokers are usually accessed through a headless service. As an example let's name it kafka-brokers-headless. In the case of 3 nodes, each Kafka broker is accessible through:

• main-kafka-1.kafka-brokers-headless
• main-kafka-2.kafka-brokers-headless
• main-kafka-3.kafka-brokers-headless

The problem here is that linkerd will post-fix the headless service with the originating cluster name (e.g. kafka-brokers-headless-west) when exposed. This means that when a Kafka client tries to connect it cannot find the brokers. If the -west extension wasn't added it would have worked fine.

Finding a workaround

After some hours I was luckily able to find a workaround. In our case we are using the Strimzi operator to deploy a Kafka cluster. Part of the solution is to add an extra listener with the cluster ip type. From Strimzi docs they write:

Configures an internal listener to expose Kafka using a per-broker ClusterIP type Service.

The listener does not use a headless service and its DNS names to route traffic to Kafka brokers. You can use this type of listener to expose a Kafka cluster when using the headless service is unsuitable. You might use it with a custom access mechanism, such as one that uses a specific Ingress controller or the Kubernetes Gateway API.

A new ClusterIP service is created for each Kafka broker pod. The service is assigned a ClusterIP address to serve as a Kafka bootstrap address with a per-broker port number. For example, you can configure the listener to expose a Kafka cluster over an Nginx Ingress Controller with TCP port configuration.

In the example below I named the extra listener external

  kafka:
    version: 3.3.1
    replicas: 3
    listeners:
      - name: plain
        port: 9092
        type: internal
        tls: false
      - name: external
        type: cluster-ip
        tls: false
        port: 9096

This exposes three new services in the west cluster:

• main-kafka-external-0-west
• main-kafka-external-1-west
• main-kafka-external-2-west

When connecting to one of these service Kafka still responds with the DNS name not including -west postfix, which still can't be found by the client. As a workaround we need to map the non existing service names to its -west counter parts. This can be done as such:

apiVersion: v1
kind: Service
metadata:
  name: main-kafka-external-0
  namespace: kafka
spec:
  ports:
    - port: 9096
  externalName: main-kafka-external-0-west.kafka.svc.cluster.local
  type: ExternalName
---
apiVersion: v1
kind: Service
metadata:
  name: main-kafka-external-1
  namespace: kafka
spec:
  ports:
    - port: 9096
  externalName: main-kafka-external-1-west.kafka.svc.cluster.local
  type: ExternalName
---
apiVersion: v1
kind: Service
metadata:
  name: main-kafka-external-2
  namespace: kafka
spec:
  ports:
    - port: 9096
  externalName: main-kafka-external-2-west.kafka.svc.cluster.local
  type: ExternalName

Now when the broker tries to redirect the client to main-kafka-external-0 it will use main-kafka-external-0-west to get there.

---

It would be nice if we could label service in the origin cluster to define how it should be exposed, as it can make your life difficult when working with workloads like Kafka. Perhaps:

mirror.linkerd.io/exported-name-postfix: ""

A similar issue are discussed here: #10275

In the meantime I hope this helps others running into the same issue as me.