New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Testing on Kind: APIServer proxy not working #6
Comments
hence the |
btw it seems |
yup i changed it already :) - well hold on - we already have a To solve my problem i think... KPNG server needs to tell the KPNG dataplane "hey mister dataplane ! write apiserver routing rules on startup do this 10.0.96.1 IP !" even before it can connect to the apiserver, right? or is this a feature request ? after all, its the service proxy's job to write host-network service APIs... |
i guess im asking more of a theoretical question then anything else - https://groups.google.com/g/kubernetes-sig-network/c/GKwCWXlpx04 |
not that it's a priority, but I wonder if I could override the gRPC version
in kpng to access the balancing code.
Le lun. 19 avr. 2021 à 15:42, jay vyas ***@***.***> a écrit :
… i guess im asking more of a theoretical question then anything else -
https://groups.google.com/g/kubernetes-sig-network/c/GKwCWXlpx04
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#6 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA5QROBMTU7UCSAYRGNFBNLTJQXMTANCNFSM43E3F3ZA>
.
|
ya interesting idea |
Solutions:
|
Start with The kubeconfig.token file; apiVersion: v1
clusters:
- cluster:
insecure-skip-tls-verify: true
server: https://192.168.1.1:6443
name: xcluster
contexts:
- context:
cluster: xcluster
user: root
name: xcluster
current-context: xcluster
kind: Config
preferences: {}
users:
- name: root
user:
token: kallekula
|
Generate the token file; ## kubeconfig_sec
## Generate secure kubeconfig's
##
cmd_kubeconfig_sec() {
local cfg=$dir/default/etc/kubernetes/kubeconfig
export KUBECONFIG=$cfg.token
cp $cfg $KUBECONFIG
kubectl config set-cluster xcluster --server=https://192.168.1.1:6443
kubectl config set-cluster xcluster --insecure-skip-tls-verify=true
kubectl config set-credentials root --token=kallekula
} |
My /srv/kubernetes/known_tokens.csv
|
we found a few workarounds for this:
the hack/ recipes are up to date now and working... closing... thanks for your help ulabrek and mikael ... We have a new issue though, where somehow |
We have a new development recipe in the PR #5 .... When i run it, everything comes up however
dial tcp 10.96.0.1:443: i/o timeout
.to reproduce, you can directly run the hack/local-up-kpng.sh script (uncomment all 3 functions to reproduce from source
It appears that the kube-proxy rules routing to the APIServer arent working.
If possible would like to use that dev recipe as a starting point, merge it, and then fix whatever the routing issue is.
I suppose maybe its a chicken/egg thing , i.e. the KPNG nftables rules , when setup to access the apiserver through the service IP dont work bc KPNG isnt up yet....
Im not sure how kube-proxy normally solves this -
The text was updated successfully, but these errors were encountered: