
After running kt connect, other websites can no longer be accessed

Open ystyle opened this issue 2 years ago • 3 comments

Describe the bug: After running kt connect, other websites can no longer be accessed.

Log


 ystyle@Archlinux  ~/Code/CangJie/ui-demo  sudo ktctl --debug --kubeconfig=/home/ystyle/.kube/config connect
5:37PM INF KtConnect 0.3.1 start at 1284570 (linux)
5:37PM DBG Private Key generated
5:37PM DBG Public key generated
5:37PM INF Successful create config map kt-connect-shadow-jtqcj
5:37PM INF Deploying shadow pod kt-connect-shadow-jtqcj in namespace default
5:37PM INF Waiting for pod kt-connect-shadow-jtqcj ...
5:37PM INF Pod kt-connect-shadow-jtqcj is ready
5:37PM DBG Using port 10941
5:37PM DBG Request port forward pod:22 -> local:10941 via https://rancher.domain.com/k8s/clusters/c-m-5h4tq7hp
5:37PM DBG Waiting for port forward (dial tcp :10941: connect: connection refused), retry: 1
5:37PM DBG Execute command [nslookup -vc kubernetes.default.svc] in kt-connect-shadow-jtqcj:standalone
Forwarding from 127.0.0.1:10941 -> 22
Forwarding from [::1]:10941 -> 22
5:37PM DBG Active DNS Server:		10.43.0.10
Handling connection for 10941
5:37PM INF Port forward connection established
Handling connection for 10941
INFO[0015] [STACK] tun://kt0 <-> socks5://127.0.0.1:2223 
5:37PM INF Tun device kt0 is ready
5:37PM DBG Pod CIDR is [10.42.0.0/24 10.42.1.0/24]
5:37PM DBG Service CIDR is [10.43.0.0/16]
5:37PM DBG Task name = /usr/bin/ip, cmd.Args = [ip link set dev kt0 up]
5:37PM DBG Start /usr/bin/ip at pid: 1284758
5:37PM DBG Task name = /usr/bin/ip, cmd.Args = [ip route add 10.42.0.0/24 dev kt0]
5:37PM DBG Start /usr/bin/ip at pid: 1284759
5:37PM DBG Task name = /usr/bin/ip, cmd.Args = [ip route add 10.42.1.0/24 dev kt0]
5:37PM DBG Start /usr/bin/ip at pid: 1284760
5:37PM DBG Task name = /usr/bin/ip, cmd.Args = [ip route add 10.43.0.0/16 dev kt0]
5:37PM DBG Start /usr/bin/ip at pid: 1284764
5:37PM INF Route to tun device completed
5:37PM INF Setting up dns in local mode
5:37PM DBG Search service in default namespace ...
5:37PM DBG Service found: kubernetes.default 10.43.0.1
5:37PM DBG Service found: job-db.default 10.43.163.109
5:37PM DBG Service found: job-admin.default 10.43.248.45
5:37PM DBG Headless service found: job-executor.default 10.42.1.10
5:37PM DBG Service found: redis-service.default 10.43.72.153
5:37PM DBG Service found: xxx-acs-server.default 10.43.170.198
5:37PM DBG Service found: xxx-aicrm-admin.default 10.43.157.221
5:37PM DBG Service found: xxx-aicrm-gateway.default 10.43.217.156
5:37PM DBG Service found: xxx-aicrm-main.default 10.43.63.225
5:37PM DBG Service found: grafana.default 10.43.92.7
5:37PM DBG Service found: jaeger-ui.default 10.43.159.211
5:37PM DBG Service found: xxx-aicrm-gateway-2.default 10.43.249.45
5:37PM DBG Service found: redis-with-persistence.default 10.43.93.189
5:37PM DBG Service found: xxx-acs-mp.default 10.43.45.67
5:37PM DBG Service found: xxx-aicrm-gateway-1.default 10.43.174.127
5:37PM DBG Headless service found: aisinogz.default 10.42.1.9
5:37PM DBG Service found: xxx-em-server.default 10.43.182.242
5:37PM DBG Service found: xxx-em-work.default 10.43.126.29
5:37PM DBG Service found: xxx-micro-frontend.default 10.43.168.188
5:37PM DBG Headless service found: xxx-micro-local.default 10.42.1.9
5:37PM DBG Service found: xxx-aicrm-job-nodeport.default 10.43.201.176
5:37PM DBG Service found: xxx-aicrm-main-nodeport.default 10.43.53.193
5:37PM DBG Service found: xxx-bd-server.default 10.43.10.7
5:37PM DBG Service found: xxx-bd-admin.default 10.43.141.139
5:37PM DBG Service found: xxx-tenant-server.default 10.43.169.128
5:37PM DBG Service found: xxx-parking-server.default 10.43.222.144
5:37PM DBG Service found: xxx-sales-server.default 10.43.225.68
5:37PM DBG Service found: xxx-snap.default 10.43.226.18
5:37PM DBG Service found: xxx-aicrm-job.default 10.43.182.117
5:37PM DBG Headless service found: ocr-server.default 10.42.1.9
5:37PM DBG Service found: xxx-parking-realty.default 10.43.6.30
5:37PM DBG Service found: xxx-parking-control.default 10.43.43.100
5:37PM DBG Service found: mysql-service.default 10.43.249.51
5:37PM DBG Dump hosts successful
5:37PM DBG Using port 1734
5:37PM DBG Waiting for port forward (dial tcp :1734: connect: connection refused), retry: 1
5:37PM DBG Request port forward pod:53 -> local:1734 via https://rancher.domain.com/k8s/clusters/c-m-5h4tq7hp
Forwarding from 127.0.0.1:1734 -> 53
Forwarding from [::1]:1734 -> 53
5:37PM DBG Service xxx-sales-server added
5:37PM DBG Service xxx-parking-realty added
5:37PM DBG Service job-admin added
5:37PM DBG Service xxx-parking-server added
5:37PM DBG Service xxx-parking-control added
5:37PM DBG Service xxx-acs-server added
5:37PM DBG Service redis-with-persistence added
5:37PM DBG Service xxx-tenant-server added
5:37PM DBG Service mysql-service added
5:37PM DBG Service xxx-em-work added
5:37PM DBG Service xxx-micro-local added
5:37PM DBG Service job-executor added
5:37PM DBG Service xxx-aicrm-job-nodeport added
5:37PM DBG Service xxx-em-server added
5:37PM DBG Service jaeger-ui added
5:37PM DBG Service xxx-aicrm-gateway-2 added
5:37PM DBG Service aisinogz added
5:37PM DBG Service xxx-micro-frontend added
5:37PM DBG Service job-db added
5:37PM DBG Service redis-service added
5:37PM DBG Service xxx-aicrm-gateway added
5:37PM DBG Service grafana added
5:37PM DBG Service xxx-aicrm-job added
5:37PM DBG Service xxx-aicrm-main added
5:37PM DBG Service ocr-server added
5:37PM DBG Service xxx-acs-mp added
5:37PM DBG Service xxx-aicrm-gateway-1 added
5:37PM DBG Service xxx-bd-server added
5:37PM DBG Service kubernetes added
5:37PM DBG Service xxx-aicrm-admin added
5:37PM DBG Service xxx-aicrm-main-nodeport added
5:37PM DBG Service xxx-bd-admin added
5:37PM DBG Service xxx-snap added
Handling connection for 1734
5:37PM INF Port forward connection established
5:37PM DBG Setup local DNS with shadow pod 127.0.0.1:1734 and upstream 192.168.8.1:53
5:37PM INF Creating udp dns on port 10053
5:37PM DBG Task name = /usr/bin/iptables, cmd.Args = [iptables --table nat --insert OUTPUT --proto udp --dest 127.0.0.1/32 --dport 53 --jump REDIRECT --to-ports 10053]
5:37PM DBG Start /usr/bin/iptables at pid: 1284818
5:37PM INF ---------------------------------------------------------------
5:37PM INF  All looks good, now you can access to resources in the kubernetes cluster
5:37PM INF ---------------------------------------------------------------
Handling connection for 1734
Handling connection for 1734
Handling connection for 1734
Handling connection for 1734
5:37PM DBG Found domain ping.archlinux.org. (1) in cluster dns (127.0.0.1:1734)
5:37PM DBG Found domain ping.archlinux.org. (1) in cluster dns (127.0.0.1:1734)
5:37PM DBG Found domain ping.archlinux.org. (28) in cluster dns (127.0.0.1:1734)
5:37PM DBG Found domain ping.archlinux.org. (28) in cluster dns (127.0.0.1:1734)
Handling connection for 1734
Handling connection for 1734
Handling connection for 1734
5:38PM DBG Found domain servicewechat.com. (1) in cluster dns (127.0.0.1:1734)
5:38PM DBG Found domain servicewechat.com. (1) in cluster dns (127.0.0.1:1734)
5:38PM DBG Empty answer for domain lookup servicewechat.com. (28)
Handling connection for 1734
Handling connection for 1734
5:38PM DBG Found domain rancher.domain.com. (1) in cluster dns (127.0.0.1:1734)
5:38PM DBG Empty answer for domain lookup rancher.domain.com. (28)
Handling connection for 1734
5:38PM DBG Found domain cube.weixinbridge.com. (1) in cluster dns (127.0.0.1:1734)
Handling connection for 1734
5:38PM DBG Found domain report.url.cn. (1) in cluster dns (127.0.0.1:1734)
Handling connection for 1734
5:38PM DBG Found domain dns.weixin.qq.com. (1) in cluster dns (127.0.0.1:1734)
Handling connection for 1734
Handling connection for 1734
Handling connection for 1734
Handling connection for 1734

Environment (please complete the following information):

  • OS: archlinux
  • Kubernetes v1.21.4+k3s1
  • KT Version 0.3.1

Additional context Add any other context about the problem here.

ystyle avatar Mar 15 '22 09:03 ystyle

By the way, is this a known issue?

ystyle avatar Mar 15 '22 09:03 ystyle

Today I found that running sudo ktctl --kubeconfig=/home/ystyle/.kube/config connect --dnsMode hosts does not affect the local machine's network.

ystyle avatar Mar 16 '22 03:03 ystyle

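This is a known issue. On Linux, the default localDNS network mode modifies the global iptables rules to redirect all DNS requests to the ktctl process; ktctl then acts as a child DNS server of the original DNS service, and the corresponding network configuration is restored when the ktctl process exits normally. If the ktctl process exits abnormally or cannot communicate with the DNS server of the original network, the domain names served by the original DNS can no longer be resolved; after ktctl connect exits, you can restore the local network configuration manually with the ktctl clean command. Running ktctl connect directly with --dnsMode=hosts is also a viable approach; this mode does not modify the local iptables rules.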

linfan avatar Mar 21 '22 03:03 linfan
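
A check for the failure mode described in the last reply, as an added example that is not part of the original thread or of kt-connect: it looks for a port-53 REDIRECT rule left in the nat OUTPUT chain whose target port no longer has a UDP listener. The function names are hypothetical, and the sample rule and socket text are constructed from the iptables command shown in the log above.

```shell
#!/bin/sh
# Added example (not kt-connect code): find DNS REDIRECT rules left in the
# nat OUTPUT chain whose target port has no UDP listener any more.

# Reads `iptables -t nat -S OUTPUT` text on stdin and prints the --to-ports
# value of every rule that REDIRECTs traffic sent to port 53.
dns_redirect_ports() {
  awk '$1 == "-A" && $2 == "OUTPUT" {
    dport = ""; target = ""; to = ""
    for (i = 3; i < NF; i++) {
      if ($i == "--dport")    dport  = $(i + 1)
      if ($i == "-j")         target = $(i + 1)
      if ($i == "--to-ports") to     = $(i + 1)
    }
    if (dport == "53" && target == "REDIRECT" && to != "") print to
  }'
}

# $1: rule text, $2: `ss -H -lun` text. Prints each redirect port on which
# nothing listens, i.e. a rule that now black-holes local DNS queries.
stale_dns_redirects() {
  for kt_port in $(printf '%s\n' "$1" | dns_redirect_ports); do
    if ! printf '%s\n' "$2" | awk -v p=":$kt_port" '
        { for (i = 1; i <= NF; i++)
            if (substr($i, length($i) - length(p) + 1) == p) found = 1 }
        END { exit !found }'; then
      echo "$kt_port"
    fi
  done
}

# Constructed samples: the rule ktctl inserted in the log above, plus an
# unrelated proxy rule, and the UDP listeners with and without ktctl running.
RULES_SAMPLE='-P OUTPUT ACCEPT
-A OUTPUT -d 127.0.0.1/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 10053
-A OUTPUT -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3128'
LISTENERS_AFTER_CRASH='UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*'
LISTENERS_KT_RUNNING='UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
UNCONN 0 0 *:10053 *:*'

# On a live host (as root):
#   stale_dns_redirects "$(iptables -t nat -S OUTPUT)" "$(ss -H -lun)"
stale=$(stale_dns_redirects "$RULES_SAMPLE" "$LISTENERS_AFTER_CRASH")
if [ -n "$stale" ]; then
  echo "stale DNS redirect to UDP port(s): $stale; restore with: ktctl clean"
fi
```
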