pod-gateway

init container not running completely.

Open faisalbasha19 opened this issue 2 years ago • 4 comments

Details

What steps did you take and what happened:

I cloned the repo https://github.com/k8s-at-home/charts/tree/master/charts/stable/pod-gateway which is basically the helm chart to deploy pod-gateway. This chart refers to the image created via this git source code. The pods seem to be in a running state, so I don't have a problem with the chart. But when I create a test pod under the namespace vpn, the gateway admission controller receives a request that invokes the webhook server present within this pod and injects an init container which executes the client_init.sh script, but this container gets shut down or terminated halfway as it doesn't get the K8S_GW_IP.

Please see screenshots below:

[Screenshots: vpninit01, vpnpodgateways]

The logs of the testpod within the vpn namespace:

[Screenshot: testpod-vpnns]

What did you expect to happen: Expected the testpod to run and route traffic via the pod gateway.

Anything else you would like to add:

Additional Information:

faisalbasha19 Nov 30 '22 22:11

Please try the helm chart at https://github.com/angelnu/helm-charts as the charts at k8s-at-home are no longer maintained.

This problem might be solved by https://github.com/angelnu/pod-gateway/pull/2, so you need https://github.com/angelnu/pod-gateway/releases/tag/v1.8.1

angelnu Nov 30 '22 23:11

Hi,

I deployed the helm chart from https://github.com/angelnu/helm-charts, and I also took the https://github.com/angelnu/pod-gateway/releases/tag/v1.8.1 and deployed the pods. I created a pod in the vpn namespace, and the admission gateway controller successfully ran the client_init.sh scripts and others as well. I have enabled the vpn and also supplied the certs/conf within the pod-gateway. But I am still not able to ping 192.168.10.221, which is a destination that I need to reach via the openvpn.

Here is the screenshot of the config that I have supplied:

[Screenshot: terminalappvpnnamespace-iproute]

What am I doing wrong here?

faisalbasha19 Dec 06 '22 16:12

@faisalbasha19 - this will need debugging step by step:

  • Please post the logs from both the pod-gateway and client pod with the latest helm chart and latest pod-gateway containers. As you have the vxlan device on in your last log then I assume the init error from before is gone.
  • Can you ping 172.16.0.1 from the client pod (so the vxlan is working)?

As the 192.168.0.0/16 range is routed through eth0 and not the vxlan, the problem is not the tunnel or the gateway but likely the network policy. Did you define a networkpolicy similar to https://github.com/angelnu/k8s-gitops/blob/main/core/vpn/networkPolicy.yaml ? In my case I do not allow any traffic to leave the namespace except that going to other cluster namespaces.

angelnu Jan 22 '23 20:01
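
The routing argument in the comment above, as an added example that is not part of the original thread or of the pod-gateway project: a longest-prefix-match lookup over a constructed `ip route` table shows why 192.168.10.221 leaves through eth0 while other destinations take vxlan0. Only 172.16.0.1 and 192.168.0.0/16 come from the thread; the other addresses and the function names are assumptions. Inside a pod, `ip route get <dst>` answers the same question.

```python
import ipaddress

# Constructed `ip route` output for a client pod. Only 172.16.0.1 and
# 192.168.0.0/16 come from the thread; every other address is made up.
SAMPLE_IP_ROUTE = """\
default via 172.16.0.1 dev vxlan0
10.0.0.0/8 via 10.42.0.1 dev eth0
10.42.0.0/24 dev eth0 proto kernel scope link src 10.42.0.17
172.16.0.0/24 dev vxlan0 proto kernel scope link src 172.16.0.201
192.168.0.0/16 via 10.42.0.1 dev eth0
"""

def _field(tokens, key):
    """Return the token following `key`, or None if the key is absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def parse_routes(text):
    """Parse unicast lines of `ip route` into (network, via, dev) tuples."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        dest = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # blackhole/unreachable/etc. lines are skipped
        routes.append((net, _field(tokens, "via"), _field(tokens, "dev")))
    return routes

def egress(routes, dst):
    """Longest-prefix match only; ignores metrics and `ip rule` policy."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def bypasses_tunnel(routes, dst, tunnel_dev="vxlan0"):
    """True when traffic to dst leaves on a device other than the tunnel."""
    route = egress(routes, dst)
    return route is not None and route[2] != tunnel_dev

if __name__ == "__main__":
    table = parse_routes(SAMPLE_IP_ROUTE)
    for dst in ("172.16.0.1", "192.168.10.221", "1.1.1.1"):
        net, via, dev = egress(table, dst)
        note = "outside the tunnel" if bypasses_tunnel(table, dst) else "via tunnel"
        print(f"{dst:16} -> {net} dev {dev} via {via} ({note})")
```

Traffic that `bypasses_tunnel` flags never reaches the gateway pod, so whether it is delivered depends on the namespace's network policy rather than on the VPN.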

> can you ping 172.16.0.1 from the client pod (so the vxlan is working)

I am facing a similar issue: the default route through the vxlan0 does not start up in the init container: https://github.com/angelnu/pod-gateway/issues/18

@faisalbasha19 have you checked this out? It might help: https://docs.k8s-at-home.com/guides/pod-gateway/#routed-pod-fails-to-init

dberardo-com Mar 03 '23 17:03