tor-controller
tor-controller copied to clipboard
bugfest
[REQUEST] Target Cluster IP
Is your feature request related to a problem? Please describe. I'm not sure I'm doing anything wrong. When I deploy onionbalancedservices together with Ghost, for example, it works. But if I redeploy Ghost, it changes its internal IP address including the service and onion (Target Cluster IP) points to a blank space.
Describe the solution you'd like Couldn't it be modified to refer to a name that will be different but the same?
Describe alternatives you've considered Deleting and re-creating the OnionService helps
Additional context
Namespace: ghost
Labels: app.kubernetes.io/instance=tor-apps
Annotations: <none>
API Version: tor.k8s.torproject.org/v1alpha2
Kind: OnionBalancedService
[...]
Status:
Backends:
ghost-onion-service-tor-obb-1:
Hostname: ***.onion
Target Cluster IP: 10.233.38.53
ghost-onion-service-tor-obb-2:
Hostname: ***.onion
Target Cluster IP: 10.233.1.13
Hostname: ***.onion
Target Cluster IP: 10.233.37.155
Events: <none>
Hi @hufhend, does your onion service stop working when you update your backend (ghost)?
Yes it is, when updating, but also when forced to move to another node. I think it is related to the change of the internal IP address.
Yes, I'm posting here, just starring the hostname:
apiVersion: v1
items:
- apiVersion: tor.k8s.torproject.org/v1alpha2
kind: OnionBalancedService
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"tor.k8s.torproject.org/v1alpha2","kind":"OnionBalancedService","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"tor-apps"},"name":"ghost-onion-service","namespace":"tor-controller"},"spec":{"backends":2,"privateKeySecret":{"name":"my-full-onion-secret"},"template":{"spec":{"extraConfig":"HiddenServiceEnableIntroDoSDefense 1\n","rules":[{"backend":{"service":{"name":"ghost-tor","port":{"number":80}}},"port":{"number":80}}],"version":3}}}}
creationTimestamp: "2024-04-28T20:20:06Z"
generation: 1
labels:
app.kubernetes.io/instance: tor-apps
name: ghost-onion-service
namespace: tor-controller
resourceVersion: "78844440"
uid: 78a78746-971e-4830-b4f5-526f42af5bd0
spec:
backends: 2
privateKeySecret:
name: my-full-onion-secret
serviceMonitor: false
template:
spec:
extraConfig: |
HiddenServiceEnableIntroDoSDefense 1
rules:
- backend:
service:
name: ghost-tor
port:
number: 80
port:
number: 80
serviceMonitor: false
version: 3
version: 3
status:
backends:
ghost-onion-service-tor-obb-1:
hostname: *****.onion
targetClusterIP: 10.233.18.234
ghost-onion-service-tor-obb-2:
hostname: *****.onion
targetClusterIP: 10.233.7.186
hostname: |
*****.onion
targetClusterIP: 10.233.57.78
kind: List
metadata:
resourceVersion: ""
I was wondering, could the fact that I'm deploying it via ArgoCD affect the functionality?
I don't think Argo does has anything to do with your issue. As per your config, the Tor instance should be resolving the service ghost-tor and then exposing that port (tcp/80) over the Tor network as hidden service. The targetClusterIPs are the Onion Balancer instance's. Do the same happen when using a simple Onion Service (not the onion balanced one)?
I understand. I confess I don't know. I'll edit it and try it. I just noticed that here as targetClusterIP, the value is correct after ghost (or wordpress) starts if it starts all together. On a new deployment it stays the same and points to nothing.
Tried and tested. Yes, this happens even when using the simple Onion Service