Hi,
I’m a developer at IBM, working on the CSI driver (which is the interface to external volume storage - which translates K8S storage operations to storage-specific operations).
Each supported storage-system type operates on a different TCP port, and the driver assumes that if a request to open a TCP connection to a specific management port number succeeds - then the storage is of the type that corresponds to that port number.
There appears to be an issue specific to microk8s (does not reproduce in k8s) - TCP connection open requests always succeed locally, even when the target system doesn’t listen on that port. This confuses the CSI driver auto-detect mechanism, and the external storage becomes non-operational.
My questions are:
- Is this the expected behavior?
- Is there a way to block a specific port to work around this behavior? (as quick workaround for customers)
- Is there a way to configure microK8s to only succeed in opening a TCP connection if the target system listens on the port?
I tried to search the documentation but couldn’t find a configuration setting that does that directly. Here: kube-proxy | Kubernetes
In fact - many of the parameters are explained briefly or not at all.
Thanks in advance for your help.
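
The failure mode described in the post, reproduced locally as an added example (not code from the post or from the CSI driver): a connect-only probe cannot tell a real service from something on the path that merely completes the TCP handshake, while a probe that also requires an application-level response can. The `STORAGE-A` banner, the function names and the loopback listeners are constructed for illustration; a real management endpoint would be checked with its own protocol handshake.

```python
import socket
import threading

def start_listener(banner=None):
    """Loopback listener. Sends `banner` on accept; with None it accepts and
    closes silently, standing in for an interceptor that completes the TCP
    handshake although no real service is behind the port (constructed)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                if banner:
                    conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def connect_only_probe(host, port, timeout=1.0):
    """Detection as described in the post: connect succeeded, so assume the type."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def verified_probe(host, port, expected_prefix, timeout=1.0):
    """Stricter detection: the peer must also send the expected bytes."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = b""
            while len(data) < len(expected_prefix):
                chunk = s.recv(len(expected_prefix) - len(data))
                if not chunk:            # peer closed without identifying itself
                    return False
                data += chunk
            return data == expected_prefix
    except OSError:                      # refused, reset or timed out
        return False
```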