The LoadBalancer type service in Kubernetes on WSL2 should be accessible from both Windows and WSL2.

[d2461795341]

I encountered an issue in wsl2 ubuntu22.04 while using Kind and its corresponding loadbalancer -- cloud-provider-kind.

I am using Docker Desktop shared between WSL2 and Windows, and I’ve tried both NAT and mirrored WSL2 network configurations.

Notably:

• In NAT mode, cloud-provider-kind needs to be started in privileged mode in WSL2. In this case, the external IP can only be accessed via curl from WSL2, and not from Windows. On Windows, the service can be accessed through localhost with the port kindccm exposing to host machine.
• In mirrored mode: cloud-provider-kind must be started in privileged mode on either Windows or WSL2, along with the --enable-lb-port-mapping=true flag, for the LoadBalancer service to be assigned an external IP. However, the external IP at this point is not accessible—it cannot be accessed from either WSL2 or Windows. service can only be accessed through localhost with the port kindccm exposing to host machine.

Both of these configurations can assign an external IP to a LoadBalancer service. However, is there a way to make the LoadBalancer service accessible directly through the external IP on both WSL2 and Windows, like it is on macOS?

ref:
https://github.com/kubernetes-sigs/cloud-provider-kind
kubernetes-sigs/cloud-provider-kind#189

[github-actions]

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use collect-networking-logs.ps1, following the instructions here

Once completed please upload the output files to this Github issue.

Click here for more info on logging
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

[d2461795341]

/question

[github-actions]

Diagnostic information

Found '/question', adding tag 'question'

[CatalinFetoiu]

thanks for reporting the issue

to better understand the scenario - is the external IP an IP assigned to a Linux interface (is this is an IP that shows up in the output of "ip addr show"?) or is it some sort of virtual IP that only Kubernetes knows about?

[d2461795341]

I did some research and found that the external IP is not assigned to a Linux interface but rather to the IP of a container in Docker. Whenever a LoadBalancer-type service is created, the cloud-provider-kind creates a corresponding container. In fact, the external IP is the IP of that container. Just like the node containers in the k8s cluster, they are all in the same Docker network called kind. However, what's strange is that under NAT mode, this IP seems to be accessible only within WSL, but not from Windows. I am sharing a Docker Desktop instance between WSL2 and Windows.

[CatalinFetoiu]

thanks for the additional context. can you please collect networking logs using the instructions at https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#collect-wsl-logs-for-networking-issues?

the script will generate a zip with "WslNetworkingLogs*"

please also share the external IP you are connecting to, so that we can use it to narrow down the logs