Closed venelin-rangelov closed 4 months ago
I investigated this further. Here's what I believe happens:
The kubeconfig contains an exec
type authentication appointing a binary. Something similar to:
exec:
apiVersion: client.authentication.k8s.io/v1
command: aws
args:
- --region
- <some region>
- eks
...
When using --docker
, telepresence must modify this kubeconfig because the aws
command is not available in the container where the port-forward to the cluster is established. So before connecting, telepresence starts a k8sauth
daemon process outside of docker that listens to a random TCP port (46293 in the error). This process will eventually make the aws eks
call described in the exec
config to retrieve the credentials. Telepresence then modifies the kubeconfig to execute telepresence kubeauth <IP of Docker host>:<random TCP port>
. The kubeauth
subcommand connects to the port and sends a gRPC call to the kubeauth
process executing outside of docker, and receives the credentials in return.
This works well in all situations except when the initial call to telepresence connect --docker
is made from a host that is different from the Docker host, and that is exactly what happens when the call is made from a Linux started by WSL, because the Docker host in this case, is the Windows host, not the Linux host. Consequently, the telepresence kubeauth <IP of Windows host>:<random TCP port>
fails, because the kubeauth
process that it tries to contact runs on the Linux host.
The solution that I'm working on, will ensure that the host making the telepresence connect --docker
is used at all times.
We have a business account and I'm using Windows 11 with WSL 2 Ubuntu distribution(latest version) Telepresence is up to date being v2.19.5
I do first
telepresence login
and log in in the browser to be sure, additionally connected to my cluster in AWS.The problem is strange because when i go in WSL and do
telepresence connect
- that connects me, but if i do telepresence connect --docker
that gives the error:telepresence connect: error: connector.Connect: initial cluster check failed: Get "https://xxxxxxxxx.gr7.us-east-2.eks.amazonaws.com/version": getting credentials: exec: executable telepresence failed with exit code 1
logs shows this:
Same actions done in terminal in the windows itself does connect. Additionally did checked that my resolve.conf has the dns 8.8.8.8 added so i have connection to outside within wsl
Expected behavior I should be able to connect both in WSL and Windows itself with --docker option