nelzhang02184516
commented
5 days ago cloud raven-agent log:
I1118 03:00:42.484473 1 engine.go:121] "RavenEngine: updating gateway, gw-cd" I1118 03:00:42.484497 1 engine.go:95] RavenEngine: enqueue gateway gw-cd to tunnel queue I1118 03:00:42.484555 1 engine.go:100] RavenEngine: enqueue gateway gw-cd to proxy queue I1118 03:00:42.484611 1 tunnel.go:55] RavenEngine: update raven l3 tunnel config for gateway gw-cd I1118 03:00:42.484691 1 tunnelagent.go:216] "no public IP for gateway, waiting for sync" gateway="gw-cd" I1118 03:00:42.484712 1 tunnelagent.go:119] network not changed, skip to process I1118 03:00:42.484792 1 proxy.go:214] ProxyClient: start raven l7 proxy client I1118 03:00:42.484813 1 proxy.go:218] ProxyClient: dest address is empty, will not connected it I1118 03:00:46.482265 1 engine.go:121] "RavenEngine: updating gateway, gw-cd" I1118 03:00:46.482290 1 engine.go:95] RavenEngine: enqueue gateway gw-cd to tunnel queue I1118 03:00:46.482305 1 engine.go:100] RavenEngine: enqueue gateway gw-cd to proxy queue I1118 03:00:46.482342 1 tunnel.go:55] RavenEngine: update raven l3 tunnel config for gateway gw-cd I1118 03:00:46.482420 1 tunnelagent.go:216] "no public IP for gateway, waiting for sync" gateway="gw-cd" I1118 03:00:46.482440 1 tunnelagent.go:119] network not changed, skip to process I1118 03:00:46.484068 1 proxy.go:214] ProxyClient: start raven l7 proxy client I1118 03:00:46.484095 1 proxy.go:218] ProxyClient: dest address is empty, will not connected it I1118 03:00:46.487877 1 engine.go:121] "RavenEngine: updating gateway, gw-cd" I1118 03:00:46.487895 1 engine.go:95] RavenEngine: enqueue gateway gw-cd to tunnel queue I1118 03:00:46.487911 1 engine.go:100] RavenEngine: enqueue gateway gw-cd to proxy queue I1118 03:00:46.487944 1 tunnel.go:55] RavenEngine: update raven l3 tunnel config for gateway gw-cd I1118 03:00:46.488812 1 tunnelagent.go:123] "applying network" localEndpoint="172.16.132.133" remoteEndpoint=map[gw-cd:172.16.16.89] I1118 03:00:46.488843 1 libreswan.go:187] Tunnel: desired edge connections: map[], desired relay connections: map[172.16.132.133-172.16.16.89-10.244.0.0/24-10.244.2.0/24:0xc00058bfb0] I1118 03:00:46.488848 1 libreswan.go:201] no desired edge connections I1118 03:00:46.490384 1 proxy.go:214] ProxyClient: start raven l7 proxy client I1118 03:00:46.490404 1 proxy.go:218] ProxyClient: dest address is empty, will not connected it I1118 03:00:46.497050 1 libreswan.go:448] "whacking with" args=[--psk --encrypt --forceencaps --name 172.16.132.133-172.16.16.89-10.244.0.0/24-10.244.2.0/24 --id @172.16.132.133-10.244.0.0/24-10.244.2.0/24 --host 172.16.132.133 --client 10.244.0.0/24 --ikeport 4500 --to --id @172.16.16.89-10.244.2.0/24-10.244.0.0/24 --host %any --client 10.244.2.0/24 --dpddelay 15 --dpdtimeout 30 --dpdaction restart] output="whack: IKEv2 liveness uses --retransmit-timeout, option --dpdtimeout ignored\n002 \"172.16.132.133-172.16.16.89-10.244.0.0/24-10.244.2.0/24\": added IKEv2 connection\n" I1118 03:00:46.497075 1 vxlan.go:83] Tunnel: only gateway node exist in current gateway, cleaning up route setting I1118 03:01:18.280193 1 manageheader.go:77] ProxyServer: request from apiserver with host iz2vcbqht61jy7tsvof5u7z:10250 and url /containerLogs/kube-system/yurt-hub-iz2vcbqht61jy7tsvof5u7z/yurt-hub is processed by header manager I1118 03:01:18.280341 1 manageheader.go:120] ProxyServer: start handling request GET https://172.16.16.89:10250/containerLogs/kube-system/yurt-hub-iz2vcbqht61jy7tsvof5u7z/yurt-hub, req.Host changed from iz2vcbqht61jy7tsvof5u7z:10250 to 172.16.16.89:10250, remote address is 172.16.132.133:38234 E1118 03:01:18.280545 1 tunnel.go:76] "currently no tunnels available" err="No backend available" E1118 03:01:18.280808 1 interceptor.go:279] ProxyServer: failed to setup the proxy for 172.16.16.89:10250, error fail to setup TLS handshake to 172.16.16.89:10250: error write unix @->/tmp/interceptor-proxier.sock: write: broken pipe I1118 03:01:18.280834 1 manageheader.go:124] ProxyServer: finish handle request GET https://172.16.16.89:10250/containerLogs/kube-system/yurt-hub-iz2vcbqht61jy7tsvof5u7z/yurt-hub, handle lasts 475.904µs I1118 03:52:41.751691 1 manageheader.go:77] ProxyServer: request from apiserver with host iz2vcbqht61jy7tsvof5u7z:10250 and url /containerLogs/kube-system/yurt-hub-iz2vcbqht61jy7tsvof5u7z/yurt-hub is processed by header manager I1118 03:52:41.751838 1 manageheader.go:120] ProxyServer: start handling request GET https://172.16.16.89:10250/containerLogs/kube-system/yurt-hub-iz2vcbqht61jy7tsvof5u7z/yurt-hub, req.Host changed from iz2vcbqht61jy7tsvof5u7z:10250 to 172.16.16.89:10250, remote address is 172.16.132.133:32036 E1118 03:52:41.752032 1 tunnel.go:76] "currently no tunnels available" err="No backend available" E1118 03:52:41.752191 1 interceptor.go:279] ProxyServer: failed to setup the proxy for 172.16.16.89:10250, error fail to setup TLS handshake to 172.16.16.89:10250: error write unix @->/tmp/interceptor-proxier.sock: write: broken pipe I1118 03:52:41.752210 1 manageheader.go:124] ProxyServer: finish handle request GET https://172.16.16.89:10250/containerLogs/kube-system/yurt-hub-iz2vcbqht61jy7tsvof5u7z/yurt-hub, handle lasts 360.251µs
zyjhtangtang
What happened: I tried to use raven Gateways for cloud-edge communication in the new cluster. After configuring Gateways, the edge node raven-agent reported an error. What you expected to happen: cloud-edge communication How to reproduce it (as minimally and precisely as possible): my address:
raven gateways setting:
cloud error:
edge raven-agent error log: W1118 03:49:31.470619 1 logging.go:59] [core] [Channel #499 SubChannel #500] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36" E1118 03:49:31.470816 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36\"" W1118 03:49:49.030518 1 logging.go:59] [core] [Channel #501 SubChannel #502] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36" E1118 03:49:49.030622 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36\"" W1118 03:50:06.996726 1 logging.go:59] [core] [Channel #503 SubChannel #504] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36" E1118 03:50:06.996851 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36\"" W1118 03:50:24.981607 1 logging.go:59] [core] [Channel #505 SubChannel #506] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36" E1118 03:50:24.981755 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36\"" W1118 03:50:42.861499 1 logging.go:59] [core] [Channel #507 SubChannel #508] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36" E1118 03:50:42.861599 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36\"" W1118 03:51:00.591151 1 logging.go:59] [core] [Channel #509 SubChannel #510] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36" E1118 03:51:00.591278 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36\"" W1118 03:51:17.813888 1 logging.go:59] [core] [Channel #511 SubChannel #512] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36" E1118 03:51:17.813991 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36\""
Anything else we need to know?:
Environment:
kubectl version):v1.25.6cat /etc/os-release):Linuxuname -a):3.10.0-1160.119.1.el7.x86_64others /kind question