Open cameronbraid opened 4 years ago
I can get dig to work like:
dig whoami.demo.svc.cluster.local @127.0.0.1 -p 58748
...
whoami.demo.svc.cluster.local. 0 IN A 10.103.36.93
...
I think it's the following command that is not finishing:
iptables -w -L -t nat
If I run this, it goes really slowly from
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
then every few seconds it outputs ONE line like:
MASQUERADE all -- 172.21.0.0/16 anywhere
MASQUERADE all -- 172-0-0-0.lightspeed.brhmal.sbcglobal.net/16 anywhere
MASQUERADE all -- 172.18.0.0/16 anywhere
If I run iptables -w -L -t nat -n
I get the list almost instantly.
Is there a workaround, or do the sources of kwt need to change to include the numeric argument for iptables?
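The slowness described above is the classic symptom of `iptables -L` without `-n`: for every address in every rule iptables does a reverse DNS lookup, and while the host resolver is broken or being redirected (which is exactly the state kwt net start puts the machine in) each lookup has to time out before the next line prints. The following Go program is an added example, not kwt's own code: it builds the listing command with `-n`, runs it under a deadline so a hang surfaces as an error instead of blocking forever, and parses the numeric output into structs. The sample listing is constructed from the shape of the output quoted in this issue (with `anywhere` rendered as `0.0.0.0/0`, as `-n` prints it); the chain and port names are taken from the thread, the `ListNat` timeout is an assumption.

```go
package main

import (
	"context"
	"fmt"
	"os/exec"
	"strings"
	"time"
)

// NatRule is one parsed row of `iptables -t nat -L -n` output.
type NatRule struct {
	Chain, Target, Proto, Source, Destination, Extra string
}

// SampleNatListing is a constructed listing in the -n (numeric) format,
// modelled on the MASQUERADE rows and the kwt REDIRECT rule from this issue.
const SampleNatListing = `Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.21.0.0/16        0.0.0.0/0
MASQUERADE  all  --  172.0.0.0/16         0.0.0.0/0
MASQUERADE  all  --  172.18.0.0/16        0.0.0.0/0

Chain kwt-tcp-39901-output (1 references)
target     prot opt source               destination
REDIRECT   tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:53 redir ports 33585
`

// ListNatArgs builds the argument list for listing the nat table. -n is the
// point of the issue: without it iptables reverse-resolves every address in
// every rule, which stalls when DNS is unavailable or redirected.
func ListNatArgs(numeric bool) []string {
	args := []string{"-w", "-t", "nat", "-L"}
	if numeric {
		args = append(args, "-n")
	}
	return args
}

// ParseNatListing parses `iptables -t nat -L -n` text into NatRule values.
// Column layout per row: target prot opt source destination [extra...].
func ParseNatListing(out string) ([]NatRule, error) {
	var rules []NatRule
	chain := ""
	for _, line := range strings.Split(out, "\n") {
		line = strings.TrimSpace(line)
		f := strings.Fields(line)
		switch {
		case line == "":
			continue
		case strings.HasPrefix(line, "Chain "):
			if len(f) < 2 {
				return nil, fmt.Errorf("bad chain header: %q", line)
			}
			chain = f[1]
		case strings.HasPrefix(line, "target "):
			continue // column header
		default:
			if len(f) < 5 || chain == "" {
				return nil, fmt.Errorf("unparseable rule line: %q", line)
			}
			rules = append(rules, NatRule{
				Chain: chain, Target: f[0], Proto: f[1],
				Source: f[3], Destination: f[4],
				Extra: strings.Join(f[5:], " "),
			})
		}
	}
	return rules, nil
}

// ListNat runs iptables (needs root) with a deadline, so a listing that is
// stuck in reverse DNS lookups is reported instead of hanging the caller.
func ListNat(ctx context.Context, timeout time.Duration) ([]NatRule, error) {
	ctx, cancel := context.WithTimeout(ctx, timeout)
	defer cancel()
	out, err := exec.CommandContext(ctx, "iptables", ListNatArgs(true)...).Output()
	if ctx.Err() == context.DeadlineExceeded {
		return nil, fmt.Errorf("iptables -L did not finish within %s (missing -n?)", timeout)
	}
	if err != nil {
		return nil, err
	}
	return ParseNatListing(string(out))
}

func main() {
	// Offline demonstration on the constructed sample.
	rules, err := ParseNatListing(SampleNatListing)
	if err != nil {
		panic(err)
	}
	for _, r := range rules {
		fmt.Printf("%-22s %-10s %-4s %-18s %-12s %s\n", r.Chain, r.Target, r.Proto, r.Source, r.Destination, r.Extra)
	}
	// Live run (assumed 5s budget); prints an error when not root or when it hangs.
	if live, err := ListNat(context.Background(), 5*time.Second); err != nil {
		fmt.Println("live listing:", err)
	} else {
		fmt.Println("live nat rules:", len(live))
	}
}
```

The deadline is the practitioner's check here: if `ListNat` times out while the same command with `-n` returns instantly, the listing is blocked on name resolution rather than on the `-w` xtables lock.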
That gets me further!
sudo -E (pwd)/kwt net start
03:15:00PM: info: KubeEntryPoint: Creating networking client secret 'kwt-net-ssh-key' in namespace 'default'...
03:15:00PM: info: KubeEntryPoint: Creating networking host secret 'kwt-net-host-key' in namespace 'default'...
03:15:00PM: info: KubeEntryPoint: Creating networking pod 'kwt-net' in namespace 'default'
03:15:00PM: info: KubeEntryPoint: Waiting for networking pod 'kwt-net' in namespace 'default' to start...
03:15:00PM: info: dns.FailoverRecursorPool: Starting with '127.0.0.1:53'
03:15:00PM: info: dns.DomainsMux: Registering cluster.local.->kube-dns
03:15:00PM: info: TCPProxy: Started proxy on 127.0.0.1:37669
03:15:00PM: info: UDPProxy: Started proxy on 127.0.0.1:59131
03:15:00PM: info: dns.Server: Started DNS server on 127.0.0.1:34605 (TCP) and 127.0.0.1:51127 (UDP)
03:15:00PM: info: ForwardingProxy: Forwarding subnets: 10.244.1.5/14, 10.96.0.1/14, 10.103.36.93/14, 10.106.88.227/14, 10.110.20.239/14
03:15:00PM: info: ForwardingProxy: Ready!
Though I still can't ping pods or resolve DNS without targeting the kwt DNS server directly.
I managed to get DNS to work if I run the following iptables command:
iptables -w -t nat -A kwt-tcp-39901-output -j REDIRECT --dest 127.0.0.1/32 -p tcp --dport 53 --to-ports 33585
The same as the command that kwt ran, omitting the -m ttl ! --ttl 42 -m owner ! --gid-owner 1 args.
I don't know what they do, so I don't think I can progress any further.
Hrm, well, now it's working, so not sure what's going on there.
Would you accept a PR to add the '-n' arg?
omitting the -m ttl ! --ttl 42 -m owner ! --gid-owner 1. I don't know what they do, so I don't think I can progress any further
Hmm, from what I recall this was added to avoid kwt catching traffic coming out of kwt.
Running kwt never reaches the "ForwardingProxy: Ready" log line as in the README.
Also, DNS lookups fail.
There are no logs in the kwt-net pod.