Closed fabioroger closed 6 years ago
Check the following: NetworkPolicies? How are you checking connectivity?
First, thank you very much for your reply.
So, for pods CIDR:
$ kubectl cluster-info dump | grep -i cidr
"PodCIDR": "10.42.0.0/24",
"subnet": "usePodCidr"
For services CIDR, since all start with 10.43, I assumed their CIDR to be 10.43.0.0/16.
As for `NetworkPolicies`, I'm not at all familiar with them, but:
$ kubectl get NetworkPolicy --all-namespaces
No resources found.
And I'm checking connectivity with `netcat`. Calls like this just hang forever:
$ nc -v 10.42.0.10 53
against all known service/pod IPs and ports. The only ports I can reach are the ones in openvpn's own pod.
Also, as a sanity check, I just redid the steps against a Google Cloud cluster and everything works perfectly.
Again, thank you for your help. Any other ideas would be greatly appreciated.
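The diagnosis above boils down to two questions: which address range a target belongs to (pod CIDR, service CIDR, or external) and whether a TCP connect to it succeeds, is refused, or silently hangs. The script below is an added example, not code from the thread or from the openvpn project: it classifies targets using the CIDRs quoted above (10.42.0.0/24 and the assumed 10.43.0.0/16) and probes each with a hard timeout, so a dropped packet shows up as "timeout" instead of blocking forever the way the plain `nc` call did. The target list at the bottom is constructed; 192.0.2.1 is a documentation-range address standing in for any external host.

```python
"""Timed connectivity probe for VPN-to-cluster reachability (added example).

Assumes the pod and service CIDRs quoted in the thread; replace them with
the values from `kubectl cluster-info dump | grep -i cidr` for your cluster.
"""
import ipaddress
import socket

POD_CIDR = ipaddress.ip_network("10.42.0.0/24")      # from the thread's cluster-info dump
SERVICE_CIDR = ipaddress.ip_network("10.43.0.0/16")  # assumed in the thread from the 10.43.x addresses


def classify(ip, pod_cidr=POD_CIDR, service_cidr=SERVICE_CIDR):
    """Return 'pod', 'service' or 'external' for a target address, so a
    failure can be attributed to pod routing, service (kube-proxy) routing,
    or egress from the VPN pod respectively."""
    addr = ipaddress.ip_address(ip)
    if addr in pod_cidr:
        return "pod"
    if addr in service_cidr:
        return "service"
    return "external"


def probe(host, port, timeout=3.0):
    """TCP connect with a hard timeout.

    Returns 'open', 'refused', 'timeout' or 'unreachable'. A plain
    `nc host port` blocks indefinitely when packets are silently dropped
    (the symptom in the thread); bounding the wait turns that into a
    reportable result. 'refused' means the packet arrived and the host
    answered, which already rules out a forwarding problem on the path."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # e.g. "Network is unreachable": no route at all
        return "unreachable"
    finally:
        sock.close()


def diagnose(targets, timeout=3.0):
    """Probe every (host, port) pair and group the outcomes by address class.

    Timeouts on every pod and service target while the VPN pod's own ports
    work is the pattern seen in the thread and points at forwarding or NAT
    inside the VPN pod rather than at the cluster's network policy."""
    report = {}
    for host, port in targets:
        kind = classify(host)
        report.setdefault(kind, []).append((host, port, probe(host, port, timeout)))
    return report


if __name__ == "__main__":
    # Constructed target list: the DNS pod address from the thread, a
    # service-range address, and a documentation-range "external" host.
    sample = [("10.42.0.10", 53), ("10.43.0.10", 53), ("192.0.2.1", 53)]
    for kind, rows in diagnose(sample).items():
        for host, port, state in rows:
            print(f"{kind:8s} {host}:{port} -> {state}")
```

Run it from the VPN client while connected; a mix of "timeout" for cluster ranges and "open"/"refused" for the VPN pod's own address is the signature of packets reaching the openvpn pod and going no further.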
Found the problem!
`net.ipv4.ip_forward` was `0` for the openvpn container.
Running this on the node did the trick:
$ nsenter -t $(docker inspect --format '{{.State.Pid}}' $CONTAINER_NAME) -n sysctl -w net.ipv4.ip_forward=1
Have you tested this in a non-GKE environment?
Once my client connects to the server, I can't access anything other than the openvpn pod.
Communication between the client and the openvpn pod seems fine, but I can't connect from the client to anything else (in the Kubernetes cluster or not).
I tried changing `OVPN_NETWORK` and also played with `OVPN_DEFROUTE`, but to no avail. I also took a look at the debug logs, but no obvious errors show up. Any ideas?
Initialization logs:
Client connecting logs:
netstat -rn:
iptables-save: