alibaba / kt-connect

A toolkit for Integrating with your kubernetes dev environment more efficiently
https://alibaba.github.io/kt-connect/#/
GNU General Public License v3.0

ktctl connect ok but cannot visit the pod #99

Closed pretendhigh closed 2 years ago

pretendhigh commented 4 years ago

Describe the bug

I start ktctl connect, and it says "KT proxy start successful", but I cannot visit the service in the default namespace.

Log

kubectl run tomcat --image=rdc-product/kt-connect-tomcat9:1.0 --expose --port=8080
[root@ansible002 ~]# kubectl get po -o wide
NAME                                       READY     STATUS    RESTARTS   AGE       IP               NODE           NOMINATED NODE
centos                                     1/1       Running   1          24d       10.253.161.100   192.168.1.41   <none>
kt-connect-daemon-kbkum-557f6ddfc4-n2cjx   1/1       Running   0          1h        10.253.8.101     192.168.1.49   <none>
kubia-jtfsb                                1/1       Running   2          59d       10.253.71.117    192.168.1.14   <none>
openjdk                                    1/1       Running   0          22d       10.253.161.101   192.168.1.41   <none>
tomcat-5766f94646-h6xkj                    1/1       Running   0          23h       10.253.31.170    192.168.1.4    <none>

I am using a local network, so I use --image. KT proxy starts successfully, but I can't visit tomcat-5766f94646-h6xkj

[root@ansible002 ~]# ktctl --image rdc-incubator/kt-connect-shadow:stable connect --method=vpn
9:22AM INF Connect Start At 3600265
9:22AM INF Client address 10.2.7.107
9:22AM INF deploy shadow deployment kt-connect-daemon-kbkum in namespace default
9:22AM INF pod label: kt=kt-connect-daemon-kbkum
9:22AM INF pod: kt-connect-daemon-kbkum-557f6ddfc4-n2cjx is running,but not ready
9:22AM INF pod: kt-connect-daemon-kbkum-557f6ddfc4-n2cjx is running,but not ready
9:23AM INF pod: kt-connect-daemon-kbkum-557f6ddfc4-n2cjx is running,but not ready
9:23AM INF pod: kt-connect-daemon-kbkum-557f6ddfc4-n2cjx is running,but not ready
....
9:24AM INF Shadow pod: kt-connect-daemon-kbkum-557f6ddfc4-n2cjx is ready.
Forwarding from 127.0.0.1:2222 -> 22
Forwarding from [::1]:2222 -> 22
9:24AM INF port-forward start at pid: 3600820
Handling connection for 2222
Warning: Permanently added '[127.0.0.1]:2222' (ECDSA) to the list of known hosts.
client: Connected.
9:24AM INF vpn(sshuttle) start at pid: 3600862
9:24AM INF KT proxy start successful
curl 10.253.31.170:8080

The kt-connect-daemon log:

[root@ansible002 ~]# kb logs -f kt-connect-daemon-kbkum-557f6ddfc4-n2cjx
1:25AM INF Start kt connect proxy
1:25AM INF Successful load local /etc/resolv.conf
1:25AM INF Success load nameserver 10.254.0.2

1:25AM INF Success load search default.svc.cluster.local.

1:25AM INF Success load search svc.cluster.local.

1:25AM INF Success load search cluster.local.

1:28AM INF Received DNS query for 11.57.3.10.in-addr.arpa.: 

1:28AM INF Exchange message for domain 11.57.3.10.in-addr.arpa. to dns server 10.254.0.2:53

1:41AM INF Received DNS query for 0.centos.pool.ntp.org.: 

1:41AM INF Exchange message for domain 0.centos.pool.ntp.org. to dns server 10.254.0.2:53

1:41AM INF Received DNS query for 0.centos.pool.ntp.org.: 

1:41AM INF Exchange message for domain 0.centos.pool.ntp.org. to dns server 10.254.0.2:53

1:41AM INF Received DNS query for 1.centos.pool.ntp.org.: 

1:41AM INF Exchange message for domain 1.centos.pool.ntp.org. to dns server 10.254.0.2:53

1:41AM INF Received DNS query for 1.centos.pool.ntp.org.: 

1:41AM INF Exchange message for domain 1.centos.pool.ntp.org. to dns server 10.254.0.2:53

1:41AM INF Received DNS query for 2.centos.pool.ntp.org.: 

1:41AM INF Exchange message for domain 2.centos.pool.ntp.org. to dns server 10.254.0.2:53

1:41AM INF Received DNS query for 2.centos.pool.ntp.org.: 

1:41AM INF Exchange message for domain 2.centos.pool.ntp.org. to dns server 10.254.0.2:53

1:41AM INF Received DNS query for 3.centos.pool.ntp.org.: 

1:41AM INF Exchange message for domain 3.centos.pool.ntp.org. to dns server 10.254.0.2:53

1:41AM INF Received DNS query for 3.centos.pool.ntp.org.: 

1:41AM INF Exchange message for domain 3.centos.pool.ntp.org. to dns server 10.254.0.2:53


yunlzheng commented 4 years ago

@pretendhigh please provide the log with debug mode ktctl -d connect thanks.

pretendhigh commented 4 years ago

> @pretendhigh please provide the log with debug mode ktctl -d connect thanks.

[root@ansible002 ansible_scripts]# ktctl -d --image rdc-incubator/kt-connect-shadow:stable connect --method=vpn
4:55PM INF Connect Start At 3736872
4:55PM INF Client address 10.2.7.107
4:55PM INF deploy shadow deployment kt-connect-daemon-rnpmz in namespace default

4:55PM INF pod label: kt=kt-connect-daemon-rnpmz
4:55PM INF pod: kt-connect-daemon-rnpmz-77bb65ff97-rp8m6 is running,but not ready
...
4:57PM INF pod: kt-connect-daemon-rnpmz-77bb65ff97-rp8m6 is running,but not ready
4:57PM INF pod: kt-connect-daemon-rnpmz-77bb65ff97-rp8m6 is running,but not ready
4:57PM INF Shadow pod: kt-connect-daemon-rnpmz-77bb65ff97-rp8m6 is ready.
4:57PM DBG Child, os.Args = [ktctl -d --image rdc-incubator/kt-connect-shadow:stable connect --method=vpn]
4:57PM DBG Child, cmd.Args = [kubectl --kubeconfig=/root/.kube/config -n default port-forward kt-connect-daemon-rnpmz-77bb65ff97-rp8m6 2222:22]
Forwarding from 127.0.0.1:2222 -> 22
Forwarding from [::1]:2222 -> 22
4:57PM INF port-forward start at pid: 3737374
4:57PM DBG Child, os.Args = [ktctl -d --image rdc-incubator/kt-connect-shadow:stable connect --method=vpn]
4:57PM DBG Child, cmd.Args = [sshuttle --dns --to-ns 10.253.166.46 -v -e ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -i /root/.kt_id_rsa -r root@127.0.0.1:2222 -x 127.0.0.1 10.253.13.0/24 10.253.11.0/24 10.253.10.0/24 10.253.14.0/24 10.253.2.0/24 10.253.12.0/24 10.253.0.0/24 10.253.8.0/24 10.253.1.0/24 10.253.18.0/24 10.253.6.0/24 10.253.17.0/24 10.253.5.0/24 10.253.9.0/24 10.253.16.0/24 10.253.3.0/24 10.253.15.0/24 10.253.7.0/24 10.253.4.0/24 10.253.19.0/24 10.254.0.0/16]
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 2.7.5
firewall manager: ready method name nat.
IPv6 enabled: False
UDP enabled: False
DNS enabled: True
User enabled: False
TCP redirector listening on ('127.0.0.1', 12300).
DNS listening on ('127.0.0.1', 12299).
Starting client with Python version 2.7.5
c : connecting to server...
Handling connection for 2222
Warning: Permanently added '[127.0.0.1]:2222' (ECDSA) to the list of known hosts.
Starting server with Python version 3.5.2
 s: latency control setting = True
 s: auto-nets:False
c : Connected.
firewall manager: setting up.
>> iptables -t nat -N sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.1/32 -p tcp
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.13.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.11.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.10.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.14.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.2.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.12.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.0.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.8.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.1.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.18.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.6.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.17.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.5.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.9.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.16.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.3.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.15.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.7.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.4.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.253.19.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.254.0.0/16 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.1.1.223/32 -p udp --dport 53 --to-ports 12299 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 10.1.1.220/32 -p udp --dport 53 --to-ports 12299 -m ttl ! --ttl 42
4:57PM INF vpn(sshuttle) start at pid: 3737417
4:57PM INF KT proxy start successful

yunlzheng commented 4 years ago

@pretendhigh as the log shows, everything seems to work as expected. You can try socks5 mode first. I will try to reproduce in CentOS 7.

pretendhigh commented 4 years ago

> @pretendhigh as the log shows, everything seems to work as expected. You can try socks5 mode first. I will try to reproduce in CentOS 7.

I try to use socks5, and get the same problem. I try to visit the tomcat pod in the default namespace with "curl 10.253.31.170:8080", but get no answer.

[root@ansible002 ~]# ktctl -d --image rdc-incubator/kt-connect-shadow:stable connect --method=socks5 
11:21AM INF Connect Start At 737308
11:21AM INF Client address 10.2.7.107
11:21AM INF deploy shadow deployment kt-connect-daemon-snray in namespace default

11:21AM INF pod label: kt=kt-connect-daemon-snray
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is running,but not ready
11:21AM INF Shadow pod: kt-connect-daemon-snray-5f8f57bb9c-hvxdn is ready.
11:21AM DBG Child, os.Args = [ktctl -d --image rdc-incubator/kt-connect-shadow:stable connect --method=socks5]
11:21AM DBG Child, cmd.Args = [kubectl --kubeconfig=/root/.kube/config -n default port-forward kt-connect-daemon-snray-5f8f57bb9c-hvxdn 2222:22]
Forwarding from 127.0.0.1:2222 -> 22
Forwarding from [::1]:2222 -> 22
11:21AM INF port-forward start at pid: 737384
11:21AM INF ==============================================================
11:21AM INF Start SOCKS5 Proxy: export http_proxy=socks5://127.0.0.1:2223
11:21AM INF ==============================================================
11:21AM DBG Child, os.Args = [ktctl -d --image rdc-incubator/kt-connect-shadow:stable connect --method=socks5]
11:21AM DBG Child, cmd.Args = [ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -i /root/.kt_id_rsa -D 2223 root@127.0.0.1 -p2222 sh loop.sh]
Handling connection for 2222
Warning: Permanently added '[127.0.0.1]:2222' (ECDSA) to the list of known hosts.
11:21AM INF vpn(ssh) start at pid: 737428
11:21AM INF KT proxy start successful
curl 10.253.31.170:8080

yunlzheng commented 4 years ago

export http_proxy=socks5://127.0.0.1:2223

@pretendhigh I can't reproduce the issue in CentOS 7. When you use socks5 mode, do you export http_proxy as the log shows?

wenhuwang commented 4 years ago

I have the same issue. Environment:

OS: Ubuntu 18.04.4 LTS
Kubernetes: v1.13.4
KT Version: kt-0.0.12

mars@mars:~/Downloads$ kubectl get pods -owide
NAME                                       READY   STATUS    RESTARTS   AGE   IP               NODE         NOMINATED NODE   READINESS GATES
kt-connect-daemon-egcxs-68884ffd4d-psjwd   1/1     Running   0          6s    172.13.125.146   10.9.47.13   <none>           <none>
ng-69d96b6c94-6vl89                        1/1     Running   0          47d   172.13.39.74     10.9.47.12   <none>           <none>
nginx-test-7fdf4d66c7-nhlhj                1/1     Running   0          20d   172.13.125.166   10.9.47.13   <none>           <none>

KT proxy starts successfully, but I can't visit nginx-test-7fdf4d66c7-nhlhj

mars@mars:~/Downloads$ sudo ktctl -d connect --method=vpn
10:53AM INF Connect Start At 6514
10:53AM INF Client address 10.0.3.15
10:53AM INF deploy shadow deployment kt-connect-daemon-egcxs in namespace default

10:53AM INF pod label: kt=kt-connect-daemon-egcxs
10:53AM INF pod: kt-connect-daemon-egcxs-68884ffd4d-psjwd is running,but not ready
10:53AM INF pod: kt-connect-daemon-egcxs-68884ffd4d-psjwd is running,but not ready
10:53AM INF Shadow pod: kt-connect-daemon-egcxs-68884ffd4d-psjwd is ready.
10:53AM DBG Child, os.Args = [ktctl -d connect --method=vpn]
10:53AM DBG Child, cmd.Args = [kubectl --kubeconfig=/home/mars/.kube/config -n default port-forward kt-connect-daemon-egcxs-68884ffd4d-psjwd 2222:22]
Forwarding from 127.0.0.1:2222 -> 22
Forwarding from [::1]:2222 -> 22
10:53AM INF port-forward start at pid: 6527
10:53AM DBG Child, os.Args = [ktctl -d connect --method=vpn]
10:53AM DBG Child, cmd.Args = [sshuttle --dns --to-ns 172.13.125.146 -v -e ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -i /home/mars/.kt_id_rsa -r root@127.0.0.1:2222 -x 127.0.0.1 172.13.3.0/24 172.13.4.0/24 172.13.5.0/24 172.13.0.0/24 172.13.1.0/24 172.13.2.0/24 10.63.0.0/16]
10:53AM INF KT proxy start successful
10:53AM INF vpn(sshuttle) finished

I cannot visit podIp and svc.

mars@mars:~/Downloads$ ping 172.13.125.166
PING 172.13.125.166 (172.13.125.166) 56(84) bytes of data.
^C
--- 172.13.125.166 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9193ms

mars@mars:~/Downloads$ kubectl get svc
NAME           TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
f5-test-http   ClusterIP   10.63.22.50   <none>        80/TCP    216d
kubernetes     ClusterIP   10.63.0.1     <none>        443/TCP   453d
mars@mars:~/Downloads$ ping kubernetes
ping: kubernetes: Name or service not known

wenhuwang commented 4 years ago

When I use Kubernetes v1.17.5, I can visit PodIP, but cannot visit svc.

KT proxy has started successfully.

mars@mars:~/Downloads$ sudo ktctl -d connect --method=vpn
11:02AM INF Connect Start At 6583
11:02AM INF Client address 10.0.3.15
11:02AM INF deploy shadow deployment kt-connect-daemon-oatdy in namespace default

11:02AM INF pod label: kt=kt-connect-daemon-oatdy
11:02AM INF pod: kt-connect-daemon-oatdy-96bdbb8cc-sgds8 is running,but not ready
11:02AM INF pod: kt-connect-daemon-oatdy-96bdbb8cc-sgds8 is running,but not ready
11:02AM INF Shadow pod: kt-connect-daemon-oatdy-96bdbb8cc-sgds8 is ready.
11:02AM DBG Child, os.Args = [ktctl -d connect --method=vpn]
11:02AM DBG Child, cmd.Args = [kubectl --kubeconfig=/home/mars/.kube/config -n default port-forward kt-connect-daemon-oatdy-96bdbb8cc-sgds8 2222:22]
Forwarding from 127.0.0.1:2222 -> 22
Forwarding from [::1]:2222 -> 22
11:02AM INF port-forward start at pid: 6596
11:02AM DBG Child, os.Args = [ktctl -d connect --method=vpn]
11:02AM DBG Child, cmd.Args = [sshuttle --dns --to-ns 10.9.194.109 -v -e ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -i /home/mars/.kt_id_rsa -r root@127.0.0.1:2222 -x 127.0.0.1 10.9.195.0/24 10.9.196.0/24 10.9.197.0/24 10.9.198.0/24 10.9.199.0/24 10.9.200.0/24 10.9.202.0/24 10.9.201.0/24 10.9.203.0/24 10.9.193.0/24 10.9.194.0/24 10.9.192.0/24 10.68.0.0/16]
11:02AM INF KT proxy start successful
11:02AM INF vpn(sshuttle) finished

I can visit PodIP, but cannot visit svc.

mars@mars:~/Downloads$ kubectl get pods -owide
NAME                                      READY   STATUS    RESTARTS   AGE     IP             NODE         NOMINATED NODE   READINESS GATES
dns-test                                  1/1     Running   0          40d     10.9.221.222   10.9.38.67   <none>           <none>
kt-connect-daemon-oatdy-96bdbb8cc-sgds8   1/1     Running   0          42s     10.9.194.109   10.9.38.55   <none>           <none>
nginx-df5965c84-l4rxx                     1/1     Running   0          3d21h   10.9.208.63    10.9.38.56   <none>           <none>
test002-6c757557f9-5d52n                  2/2     Running   0          24d     10.9.221.238   10.9.38.67   <none>           <none>
mars@mars:~/Downloads$ kubectl get svc
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.68.0.1      <none>        443/TCP   100d
nginx        ClusterIP   10.68.11.202   <none>        80/TCP    83d
mars@mars:~/Downloads$ curl 10.9.208.63
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
mars@mars:~/Downloads$ curl http://nginx
curl: (6) Could not resolve host: nginx

linfan commented 2 years ago

May be caused by the search config in the local resolv.conf; fixed in 0.1.0.
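
A check that can be run against the `ktctl -d` output in this thread, added here as an example (it is not code from kt-connect or from any commenter): it parses the subnets handed to sshuttle and reports whether a destination IP falls inside one of them, since the iptables output in the debug log shows REDIRECT rules only for those subnets. The function names are hypothetical, and the log line is copied from the Ubuntu 18.04 report above.

```python
import ipaddress
import re

# Copied from the Ubuntu 18.04 debug log in this thread.
SSHUTTLE_LINE = (
    "10:53AM DBG Child, cmd.Args = [sshuttle --dns --to-ns 172.13.125.146 -v "
    "-e ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null "
    "-i /home/mars/.kt_id_rsa -r root@127.0.0.1:2222 -x 127.0.0.1 "
    "172.13.3.0/24 172.13.4.0/24 172.13.5.0/24 172.13.0.0/24 172.13.1.0/24 "
    "172.13.2.0/24 10.63.0.0/16]"
)


def parse_sshuttle_args(log_line):
    """Return (routed, excluded) networks from a 'cmd.Args = [sshuttle ...]' line."""
    match = re.search(r"cmd\.Args = \[(sshuttle\s.*)\]", log_line)
    if match is None:
        raise ValueError("no sshuttle command found in log line")
    routed, excluded = [], []
    previous = ""
    for token in match.group(1).split()[1:]:
        if previous in ("-x", "--exclude"):
            # Argument of -x: traffic to this network bypasses the tunnel.
            excluded.append(ipaddress.ip_network(token, strict=False))
        elif "/" in token:
            # Positional CIDR arguments; paths such as /dev/null fail to parse.
            try:
                routed.append(ipaddress.ip_network(token, strict=False))
            except ValueError:
                pass
        previous = token
    return routed, excluded


def covering_subnet(ip, routed, excluded):
    """Return the routed network that captures ip, or None if it is not tunnelled.

    Assumption: the most specific match wins, mirroring the rule order in the
    iptables output above (the /32 RETURN first, the /16 REDIRECT last).
    """
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, True, net) for net in routed if addr in net]
    matches += [(net.prefixlen, False, net) for net in excluded if addr in net]
    if not matches:
        return None
    # On equal prefix length an exclusion takes precedence over a route.
    _, is_routed, net = max(matches, key=lambda m: (m[0], not m[1]))
    return net if is_routed else None


def check_targets(log_line, targets):
    """Map each target IP to the covering subnet (as a string) or None."""
    routed, excluded = parse_sshuttle_args(log_line)
    result = {}
    for ip in targets:
        net = covering_subnet(ip, routed, excluded)
        result[ip] = str(net) if net is not None else None
    return result


if __name__ == "__main__":
    # Pod IP and service cluster IP taken from the same report.
    for ip, net in check_targets(SSHUTTLE_LINE, ["172.13.125.166", "10.63.0.1"]).items():
        status = "tunnelled via " + net if net else "NOT covered by any sshuttle subnet"
        print(ip + ": " + status)
```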