telepresence
telepresence copied to clipboard
telepresenceio
Cannot connect to other service: "unable to connect to remote host: No route to host"
When intercepting a service, DNS resolution succeeds, but connecting to the IP fails with "No route to host". This prevents running the application locally as the other service is the in-cluster database that it needs to connect to.
To Reproduce Steps to reproduce the behavior:
- When I run 'telepresence intercept my-application --namespace application'
- I see that it intercepts correctly (by i.e. using a static web server)
- But when starting the application locally that will be handling the intercepted traffic, I cannot connect to other services in the cluster, I get back
No route to host. - However when I curl the default namespace (e.g.
https://kubernetes.default), I do get back a response.
Expected behavior Services inside the cluster are reachable by using their name
Versions (please complete the following information):
telepresence version
Client: v2.7.2 (api v3)
Root Daemon: v2.7.2 (api v3)
User Daemon: v2.7.2 (api v3)
- OS: Arch LInux, kernel 5.19.7-arch1-1
- Kubernetes environment: Minikube, minikube version: v1.26.1 VPN-related bugs: No VPN
Additional context
The service that I'm intercepting and the service that I'm trying to reach are in different namespaces.
When doing curl -ik https://kubernetes.default I do get a response, so it seems that I can reach items in the default namespace.
I haven't used telepresence with minikube, ill have to play with it. To try to narrow down the problem, can you curl <service_you_are_trying_to_reach>.<namespace_of_that_service>:<port> and let me know what curl says?
Is it the same problem? detailed here: https://github.com/telepresenceio/telepresence/issues/2746
I haven't used telepresence with minikube, ill have to play with it. To try to narrow down the problem, can you
curl <service_you_are_trying_to_reach>.<namespace_of_that_service>:<port>and let me know what curl says?
curl gives
curl: (7) FAiled to connect to mysql.mysql port 80 after 3049ms: No route to host"
Hi @MidasLamb, just a note that you can use Minikube with Telepresence as long you’re using it on the same machine as Telepresence because Minikube uses local host and doesn’t expose a network device that would allow Telepresence to connect to it.
Can you try that same curl command but with the -v (verbose) flag? If Telepresence is able to resolve the IP address, there might be some networking issue/policy that's not allowing you to connect to your service.
@cindymullins-dw , I can curl services in the same namespace as the one I'm intercepting, just nothing in another namespace. So this leads me to believe that it's an issue with telepresence (Since it gives me a bit of access to the cluster, but not everything). I don't have any sort of RBAC or limiting factors in that sense in the cluster.
When trying to curl -v something in another namespace (i.e. the database):
curl -v mysql.mysql:3306
* Trying 172.17.0.31:3306...
* connect to 172.17.0.31 port 3306 failed: No route to host
* Failed to connect to mysql.mysql port 3306 after 3042 ms: No route to host
* Closing connection 0
curl: (7) Failed to connect to mysql.mysql port 3306 after 3042 ms: No route to host
DNS resolution is successful and correct, but it just can't be reached.
Could also be that I'm misunderstanding the --namespace parameter, but I can't seem to find anything that would limit the namespaces that it can reach or something along those lines? And without it, the intercept tries to use the default namespace to find the service.
It looks like Telepresence is doing DNS resolution but there may be something else like a network policy preventing the connection between Telepresence and the specific namespace. Telepresence doesn’t implement any network restrictions itself. If you test on a newer version please let us know if the issue persists.
failed to connect The destination sarbindk.github.io is not reachable. Contact your IT administrator with the following error: No route to host
