Open solidDoWant opened 2 years ago
this usually indicates some sort of connectivity problem between coredns and the API server. See similar issue #38 This plugin does not make its own connection and relies on client-go for all interactions with the API server. Have you tried running anything else with this kubeconfig, e.g. upstream coredns? Also try and capture the tcpdump of the packet exchange to see if there are any silent drops or connection resets.
kubectl --kubeconfig ../../working/kubeconfig.yaml get services -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
calico-system calico-kube-controllers-metrics ClusterIP 10.43.230.49 <none> 9094/TCP 6d15h
...
I also ran a packet capture and I can see that there are no silent drops/resets, and that there is bidirectional application data. Unfortunately as far as I know I cannot decrypt the TLS session after it's been captured even with the private key here due to the kube API using elliptic curve encryption. And when I tried proxying the traffic to see the requests being made, the problem went away... See here for a packet capture from tcpdump: k8s_gateway cap.zip.
Is there any additional logging that I can turn on?
you can also check the logs on the API server to see if there's anything obvious there.
Have a really oddball problem. Running coredns outside of a k3s cluster, with k8s_gateway and it's kubeconfig pointing at the k3s cluster. Here's my config:
Corefile:
k8s_gateway config:
kubeconfig (secrets redacted):
With the config above, k8s_gateway fails to sync with the controller, logging
[ERROR] plugin/errors: 2 traefik.echozulu.games. A: plugin/k8s_gateway: Could not sync required resources
. Full log:The really weird part is that when I setup a HTTPS proxy like mitmproxy on another computer, and uncomment the
proxy
line in the kubeconfig, everything works as expected:What am I doing wrong here?