Use pod-network k8s service endpoint for non-cluster-host Typha#4840
Merged
caseydavenport merged 1 commit intoMay 21, 2026
Merged
Conversation
The non-cluster-host Typha deployment runs pod-networked, but it was inheriting KUBERNETES_SERVICE_HOST/PORT from the host-network endpoint. On MKE clusters that resolves to proxy.local:6444, which is unreachable from pods, so the deployment crashloops with DNS timeouts. Override those env vars from K8sServiceEpPodNetwork (populated from the kubernetes-service-endpoint ConfigMap's *_POD_NETWORK keys) when set.
hjiawei
approved these changes
May 21, 2026
coutinhop
approved these changes
May 21, 2026
This was referenced May 21, 2026
caseydavenport
added a commit
that referenced
this pull request
May 21, 2026
… (#4842) The non-cluster-host Typha deployment runs pod-networked, but it was inheriting KUBERNETES_SERVICE_HOST/PORT from the host-network endpoint. On MKE clusters that resolves to proxy.local:6444, which is unreachable from pods, so the deployment crashloops with DNS timeouts. Override those env vars from K8sServiceEpPodNetwork (populated from the kubernetes-service-endpoint ConfigMap's *_POD_NETWORK keys) when set. (cherry picked from commit e3664ff)
This was referenced May 21, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The non-cluster-host Typha deployment runs pod-networked, but it inherits its
KUBERNETES_SERVICE_HOST/KUBERNETES_SERVICE_PORTenv vars from the host-network endpoint. On MKE clusters that'sproxy.local:6444, which pods can't resolve, so the NCH Typha crashloops with DNS timeouts during the iptables-to-eBPF migration.#4474 already plumbed a separate
PodNetworkEndpoint(from theKUBERNETES_SERVICE_HOST_POD_NETWORK/KUBERNETES_SERVICE_PORT_POD_NETWORKentries in thekubernetes-service-endpointConfigMap) for exactly this case, but the NCH Typha render code wasn't consuming it. This passes it throughTyphaConfigurationand overrides the host-network values intyphaEnvVarsNonClusterHostwhen it's set.