kt-connect icon indicating copy to clipboard operation
kt-connect copied to clipboard

Published 20 hours ago verified publisher icon alibaba

0.3.6 使用 ktctl --debug connect 连接时报错(Exit: connect to port-forward failed)

Open little-hang opened this issue 2 years ago • 1 comments

Describe the bug 启动命令为:ktctl --debug -i registry.cn-hangzhou.aliyuncs.com/rdc-incubator/kt-connect-shadow:v0.3.6 -c /data/_qa/***/.kube/config --namespace qatest --dnsCacheTtl 600 --useLocalTime connect

Log 7:19PM DBG Background task log to /tmp/kt-3788323719 7:19PM INF Using cluster context [email protected] (cluster.local) 7:19PM INF KtConnect 0.3.6 start at 25383 (linux amd64) 7:19PM INF Using tun2socks mode 7:19PM DBG Found local domains: .com 7:19PM DBG Find 0 kt pods 7:19PM DBG Private Key generated 7:19PM DBG Public key generated 7:19PM INF Successful create config map kt-connect-shadow-ihdjd 7:19PM INF Deploying shadow pod kt-connect-shadow-ihdjd in namespace qatest 7:19PM INF Waiting for pod kt-connect-shadow-ihdjd ... 7:19PM INF Pod kt-connect-shadow-ihdjd is ready 7:19PM DBG Using port 50962 7:19PM DBG Request port forward pod:22 -> local:50962 via https://10.31.77.:6443 7:19PM INF Port forward local:50962 -> pod kt-connect-shadow-ihdjd:22 established 7:19PM INF Socks proxy established 7:19PM INF Tun device kt0 is ready 7:19PM DBG Service CIDR are: [10.233.0.0/16] 7:19PM DBG Pod CIDR are: [10.233.0.0/16 10.31.0.0/16 10.232.206.35/32] 7:19PM DBG Using cluster IP 10.31.77.15 7:19PM DBG Cluster CIDR are: [10.233.0.0/16 10.233.0.0/16 10.31.0.0/16 10.232.206.35/32] 7:19PM DBG Task /usr/sbin/ip with args [ip link set dev kt0 up] 7:19PM INF Adding route to 10.233.0.0/16 7:19PM DBG Task /usr/sbin/ip with args [ip route add 10.233.0.0/16 dev kt0] 7:19PM INF Adding route to 10.233.0.0/16 7:19PM DBG Task /usr/sbin/ip with args [ip route add 10.233.0.0/16 dev kt0] 7:19PM WRN Failed to set route 10.233.0.0/16 to tun device 7:19PM INF Adding route to 10.31.0.0/16 7:19PM DBG Task /usr/sbin/ip with args [ip route add 10.31.0.0/16 dev kt0] 7:19PM INF Adding route to 10.232.206.35/32 7:19PM DBG Task /usr/sbin/ip with args [ip route add 10.232.206.35/32 dev kt0] 7:19PM WRN Some route rule is not setup properly 7:19PM DBG Task /usr/sbin/ip with args [ip route show] 7:19PM WRN Skipped route to [10.232.206.35/32] 7:19PM INF Route to tun device completed 7:19PM INF Setting up dns in local mode 7:19PM DBG Dump hosts successful 7:19PM DBG Using port 60382 7:19PM DBG Request port forward pod:53 -> local:60382 via https://10.31.77.:6443 7:19PM DBG Port forward reconnecting ... 7:19PM DBG Request port forward pod:22 -> local:50962 via https://10.31.77.:6443 7:19PM ERR Exit: connect to port-forward failed 7:19PM DBG Cleaning workspace 7:19PM INF Removed pid file /root/.kt/pid/connect-25383.pid 7:19PM INF Removed key file /root/.kt/key/kt-connect-shadow-ihdjd.key 7:19PM DBG Dropping hosts records ... 7:19PM DBG Received event "/root/.kt/pid/connect-25383.pid": REMOVE 7:19PM INF Pid file was removed 7:19PM INF Drop hosts successful 7:19PM INF Cleaning configmap kt-connect-shadow-ihdjd 7:19PM ERR Delete configmap kt-connect-shadow-ihdjd failed error="Delete "https://10.31.77.15:6443/api/v1/namespaces/qatest/configmaps/kt-connect-shadow-ihdjd": net/http: TLS handshake timeout" 7:19PM INF Cleaning shadow pod kt-connect-shadow-ihdjd 7:19PM ERR Failed to setup port forward local:60382 -> pod kt-connect-shadow-ihdjd:53 error="error upgrading connection: error sending request: Post "https://10.31.77.:6443/api/v1/namespaces/qatest/pods/kt-connect-shadow-ihdjd/portforward": read tcp 10.232.21.39:37552->10.31.77.:6443: read: connection reset by peer" 7:19PM DBG Port forward local:50962 -> pod kt-connect-shadow-ihdjd:22 interrupted error="error upgrading connection: error sending request: Post "https://10.31.77.:6443/api/v1/namespaces/qatest/pods/kt-connect-shadow-ihdjd/portforward": read tcp 10.232.21.39:37734->10.31.77.:6443: read: connection reset by peer" 7:19PM ERR Delete shadow pod kt-connect-shadow-ihdjd failed error="Delete "https://10.31.77.:6443/api/v1/namespaces/qatest/pods/kt-connect-shadow-ihdjd": read tcp 10.232.21.39:38224->10.31.77.*:6443: read: connection reset by peer"

Environment (please complete the following information):

  • OS: os
  • Kubernetes: v1.16.15
  • KT Version : 0.3.6

@linfan

little-hang avatar Jul 19 '22 11:07 little-hang

启动时候加一个 --excludeIps 10.31.0.0/16 参数先绕过一下。这个是一个已知的路由合并BUG,在某些环境下会导致API Server所在的IP段被误纳入为集群IP范围,导致Port Forward失败。

近期会发布beta版本修复。

linfan avatar Jul 29 '22 09:07 linfan