carvel-dev / kwt Goto Github PK

View Code? Open in Web Editor NEW

155.0 18.0 12.0 13.43 MB

Kubernetes Workstation Tools CLI

License: Apache License 2.0

Shell 2.00% Go 97.76% Dockerfile 0.24%

kubernetes networking developer-tools k8s cli devops carvel

kwt's People

Contributors

Stargazers

Watchers

Forkers

drnic cameronbraid ktpv danielhelfand clix-dev-llc microwavables a-b homburg mattjurenka mingshun vangie pmalek

kwt's Issues

[dns] resolution fails on linux if running avahi-daemon

If running avahi on Linux, it seems that it takes priority over the cluster.local. stub. dig works fine as that bypasses mDNS. Disabling avahi fixes name resolution.

[dns] flaky integration test: TestNetListen

fails 1/200 or so.

=== RUN   TestNetListen
==> Clean up net access endpoint
Running 'kwt net clean-up'...
==> Starting net start in background
==> Wait for forwarding to be ready
Running 'kwt net start --tty'...
==> Clean up net access endpoint
Running 'kwt net clean-up'...
==> Starting net listen in background
==> Wait for forwarding to be ready
Running 'kwt net listen --tty --local localhost:8080 --service kwt-listen-web'...
==> Wait service to be available
Running 'kwt net svc --json'...
==> Test network accessibility to the HTTP service (web) via 'http://kwt-listen-web.kwt-ebdd4cea962bff63254e23bc372ed54f.svc.cluster.local'
listen cmd output: 
04:54:47PM: info: KubeEntryPoint: Creating networking client secret 'kwt-net-ssh-key' in namespace 'kwt-ebdd4cea962bff63254e23bc372ed54f'...
04:54:47PM: info: KubeEntryPoint: Creating networking host secret 'kwt-net-host-key' in namespace 'kwt-ebdd4cea962bff63254e23bc372ed54f'...
04:54:49PM: info: KubeEntryPoint: Creating networking pod 'kwt-net' in namespace 'kwt-ebdd4cea962bff63254e23bc372ed54f'
04:54:49PM: info: KubeEntryPoint: Waiting for networking pod 'kwt-net' in namespace 'kwt-ebdd4cea962bff63254e23bc372ed54f' to start...
04:54:54PM: info: ListenOptions: Forwarding 80->localhost:8080
04:54:54PM: info: ListenOptions: Ready!
04:54:54PM: info: TCPProxy: Started proxy on dummy-addr

==> Terminating net command tailing
==> Clean up net access endpoint
Running 'kwt net clean-up'...
start cmd output: 
04:54:37PM: info: KubeEntryPoint: Creating networking client secret 'kwt-net-ssh-key' in namespace 'default'...
04:54:37PM: info: KubeEntryPoint: Creating networking host secret 'kwt-net-host-key' in namespace 'default'...
04:54:38PM: info: KubeEntryPoint: Creating networking pod 'kwt-net' in namespace 'default'
04:54:38PM: info: KubeEntryPoint: Waiting for networking pod 'kwt-net' in namespace 'default' to start...
04:54:43PM: info: dns.FailoverRecursorPool: Starting with '8.8.8.8:53'
04:54:43PM: info: dns.DomainsMux: Registering cluster.local.->kube-dns
04:54:43PM: info: TCPProxy: Started proxy on 127.0.0.1:41245
04:54:43PM: info: UDPProxy: Started proxy on 127.0.0.1:33397
04:54:43PM: info: dns.Server: Started DNS server on 127.0.0.1:34835 (TCP) and 127.0.0.1:39304 (UDP)
04:54:43PM: info: ForwardingProxy: Forwarding subnets: 10.4.4.20/14, 10.128.0.7/14
04:54:43PM: info: ForwardingProxy: Ready!
04:54:55PM: info: dns.CustomHandler: AAAA:kwt-listen-web.kwt-ebdd4cea962bff63254e23bc372ed54f.svc.cluster.local.: Answering rcode=0 (46.866µs)
04:54:55PM: info: dns.CustomHandler: A:kwt-listen-web.kwt-ebdd4cea962bff63254e23bc372ed54f.svc.cluster.local.: Answering rcode=0 (6.031184ms)
04:54:55PM: info: TCPProxy: Received 10.254.0.182:32946
04:54:55PM: info: KubeEntryPoint: Creating networking client secret 'kwt-net-ssh-key' in namespace 'default'...
04:54:55PM: info: KubeEntryPoint: Creating networking host secret 'kwt-net-host-key' in namespace 'default'...
04:54:57PM: info: KubeEntryPoint: Creating networking pod 'kwt-net' in namespace 'default'
04:54:57PM: info: KubeEntryPoint: Waiting for networking pod 'kwt-net' in namespace 'default' to start...
04:57:12PM: error: TCPProxy: Could not establish remote connection to '10.7.244.158:80': ssh: rejected: connect failed (Connection timed out)

==> Terminating net command tailing
==> Clean up net access endpoint
Running 'kwt net clean-up'...
--- FAIL: TestNetListen (161.78s)
	network_probe.go:38: Error making HTTP request: Get http://kwt-listen-web.kwt-ebdd4cea962bff63254e23bc372ed54f.svc.cluster.local: read tcp 10.254.0.182:32946->10.7.244.158:80: read: connection reset by peer

Release process is failing

What steps did you take:
When pushing a tag to use the new release process the GitHub action fails.

What happened:
This is the failed execution https://github.com/carvel-dev/kwt/actions/runs/6276753560

What did you expect:
That the release process works

Anything else you would like to add:
The problem is that goreleser and the normal build gives different SHA's we need to understand why.

Environment:

kwt version (execute kwt version): NA

Flag to automatically clean up

Describe the problem/challenge you have
It would be nice to have a flag like --rm which you can pass to start to automatically clean up when you Cntrl+C.

Describe the solution you'd like
A --rm (or similar) flag for start to cleanup the secrets and pod when kwt is interrupted

[workspace] non-default images do not support injecting inputs?

$ kwt workspace create -i app=. --rm --enter
... works as expected

$ kwt workspace create -i app=. --rm --enter --image ubuntu:18.04
Name        w-gdjm5
Image       ubuntu:18.04
Ports       -
Privileged  false

[2018-10-16T11:35:13+10:00] Waiting for workspace...

[2018-10-16T11:35:18+10:00] Uploading input 'app'...

[2018-10-16T11:35:19+10:00] Finished uploading input 'app'...

[2018-10-16T11:35:19+10:00] Deleting workspace...

Error: Removing remote directory: Execution error: unable to upgrade connection: container not found ("debug") (stderr:  [optional])

Also failed are golang and golang:alpine images.

--watch not receiving new files nor updates to existing files

I tried out --watch:

$ kwt workspace create --rm --enter --input app=. --watch

I modified a preexisting file locally but did not see the changes inside the container.

I created a new file locally but did not see the file created inside the container.

Protips for using --watch or debugging?

[net] support externalname services

via slack

Question re "kwt net start --dns-map-exec"

sudo -E kwt net start --dns-map-exec ./lookup-domains.sh

How often/what causes ./lookup-domains.sh to be run a 2nd+ time? I am only seeing it run the first time.

Build and install Linux and Apple Silicon-targeted versions of kwt

see vmware-tanzu/carvel#218

Do it like we do for ytt.

Vote on this request

This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.

👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"

We are also happy to receive and review Pull Requests if you want to help working on this issue.

consider support stacked kubeconfig environment

What steps did you take:

$ sudo -E kwt net start

What happened:

Error: Building Kubernetes config: stat :/Users/furkan.turkal/.kube/config:/Users/furkan.turkal/.kube/config-aws:/Users/furkan.turkal/.kube/config-gcloud:/Users/furkan.turkal/.kube/config-local: no such file or directory

What did you expect:
It should parse stacked-kubeconfigs?

Anything else you would like to add:

$ echo $KUBECONFIG
:/Users/furkan.turkal/.kube/config:/Users/furkan.turkal/.kube/config-aws:/Users/furkan.turkal/.kube/config-gcloud:/Users/furkan.turkal/.kube/config-local

The following one works like a charm!

KUBECONFIG=/Users/furkan.turkal/.kube/config sudo -E kwt net start

Environment:

kwt version (execute kwt version): Client Version: 0.0.6

This is just a low-priority issue, dropping here, so we don't forget. Thanks.

support ARM64

Describe the problem/challenge you have
Cannot install on MBP with M1 cpu

[dns] retry connection on 'unexpected packet in response to channel open' error

after computer came back from sleep

07:24:43PM: debug: mdns.LocalIfaceMsgFilter: Checking on: 10.81.130.170:5353
ERROR: logging before flag.Parse: E1003 19:24:43.951572   39341 portforward.go:178] lost connection to pod
07:24:43PM: debug: KubePortForward: Finished port forwarding (err: %!s(<nil>))
07:24:43PM: debug: ReconnSSHClient: Received err: ssh: unexpected packet in response to channel open: <nil> (isEOF: false)
07:24:43PM: error: TCPProxy: Could not establish remote connection to '10.19.244.221:80': ssh: unexpected packet in response to channel open: <nil>
07:24:43PM: debug: mdns.LocalIfaceMsgFilter: Checking on: 10.81.130.170:5353

SRV dns records support

I have headless services, they don't work for me.
The same one works with telepresence.

how to use serviceaccount for private docker registry?

If I want to run kwt workspace create --image myregistry.com/myimage:latest, how do I provide private registry credentials? I think the low-level question is, how do I attach a serviceaccount (like we setup in knctl deploy tutorials) to kwt workspace create commands?

investigate why mdnsresponder has enourmous ttl with no response

default	11:13:11.532148 -0700	mDNSResponder	378    105621 -U-    - Addr     0 srv3.default.my-domain.test. Addr

kwt snap packaging

I would like to share some work on packaging kwt as a snap and kindly ask for your feedback and thoughts.

You can find the source on github.com/ipolyzos/kwt-snap while the snaps can be downloaded directly from the snapcraft store (currently versions v0.0.4 and v0.0.5 are already available).

Cant get pod A records to resolve

Is this supported by kwt ?

dns lookup via kubedns directly :

> docker exec -it kind-control-plane2 dig kafka-kafka-0.kafka-kafka-brokers.drivenow-staging-z.svc.cluster.local @10.244.1.2
...
;; QUESTION SECTION:
;kafka-kafka-0.kafka-kafka-brokers.drivenow-staging-z.svc.cluster.local.	IN A

;; ANSWER SECTION:
kafka-kafka-0.kafka-kafka-brokers.drivenow-staging-z.svc.cluster.local.	8 IN A 10.244.2.24

;; Query time: 0 msec
;; SERVER: 10.244.1.2#53(10.244.1.2)
...

dns lookup via kwt net

> dig kafka-kafka-0.kafka-kafka-brokers.drivenow-staging-z.svc.cluster.local
...
;; QUESTION SECTION:
;kafka-kafka-0.kafka-kafka-brokers.drivenow-staging-z.svc.cluster.local.	IN A

;; Query time: 10 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
...

Issue building from source

$ go version
go version go1.13 darwin/amd64
$ dep ensure
$ git status
	modified:   Gopkg.lock
	modified:   vendor/golang.org/x/crypto/ssh/mux.go
$ ./hack/build.sh
+ go fmt ./cmd/... ./pkg/... ./test/...
+ go build ./cmd/...
# github.com/k14s/kwt/pkg/kwt/net/dstconn
pkg/kwt/net/dstconn/ssh_client.go:109:26: undefined: ssh.UnexpectedPackerErr

/cc @cppforlife

[go] move to Go Modules

Next time you're playing on kwt, could we switch to Go Modules?

[dns] resolve service using internal (short) name?

Given a svc with the following FQDN:

foo.default.svc.cluster.local

is there a configuration option that will allow me to resolve using the "short" name:

foo.default

proactively restart connection to ssh server

error visible "Could not establish remote connection to ..." even though dst is fine

kwt net fails to start, dns doesnt resolve

kwt version
Client Version: 0.0.6

Succeeded

Running kwt never reaches the "ForwardingProxy: Ready" log line as in the README

sudo -E kwt net start --debug
02:37:21PM: debug: KubeSubnets: Finished fetching pods (53) and services (29) in 29.67472ms
02:37:21PM: debug: ReconnSSHClient: Trying to reconnect SSH client
02:37:21PM: info: KubeEntryPoint: Creating networking client secret 'kwt-net-ssh-key' in namespace 'default'...
02:37:21PM: info: KubeEntryPoint: Creating networking host secret 'kwt-net-host-key' in namespace 'default'...
02:37:21PM: info: KubeEntryPoint: Creating networking pod 'kwt-net' in namespace 'default'
02:37:21PM: info: KubeEntryPoint: Waiting for networking pod 'kwt-net' in namespace 'default' to start...
02:37:21PM: debug: KubePortForward: Starting port forwarding
02:37:21PM: debug: KubePortForward: out: Forwarding from 127.0.0.1:44959 -> 2048

02:37:21PM: debug: KubePortForward: err: 
02:37:21PM: debug: ReconnSSHClient: Reconnected SSH client
02:37:21PM: info: dns.FailoverRecursorPool: Starting with '127.0.0.1:53'
02:37:21PM: debug: dns.DomainsMux: Updating DNS domain handlers: map[cluster.local.:kube-dns]
02:37:21PM: info: dns.DomainsMux: Registering cluster.local.->kube-dns
02:37:21PM: debug: dns.DNSOSCache: Skipping clearing of OS DNS cache
02:37:21PM: debug: dns.DomainsMux: Updating DNS domain handlers: map[cluster.local.:kube-dns]
02:37:21PM: info: TCPProxy: Started proxy on 127.0.0.1:45955
02:37:21PM: info: UDPProxy: Started proxy on 127.0.0.1:40387
02:37:21PM: info: dns.Server: Started DNS server on 127.0.0.1:37265 (TCP) and 127.0.0.1:38123 (UDP)
02:37:21PM: debug: OsCmdExecutor: Running 'iptables -w -L -t nat'
02:37:24PM: debug: SSHClient: Sending keepalive: false [] %!s(<nil>)
02:37:27PM: debug: SSHClient: Sending keepalive: false [] %!s(<nil>)
02:37:30PM: debug: SSHClient: Sending keepalive: false [] %!s(<nil>)
02:37:33PM: debug: SSHClient: Sending keepalive: false [] %!s(<nil>)
02:37:36PM: debug: SSHClient: Sending keepalive: false [] %!s(<nil>)
02:37:39PM: debug: SSHClient: Sending keepalive: false [] %!s(<nil>)
02:37:42PM: debug: SSHClient: Sending keepalive: false [] %!s(<nil>)
02:37:45PM: debug: SSHClient: Sending keepalive: false [] %!s(<nil>)
02:37:48PM: debug: SSHClient: Sending keepalive: false [] %!s(<nil>)
02:37:51PM: debug: dns.DomainsMux: Updating DNS domain handlers: map[cluster.local.:kube-dns]
02:37:51PM: debug: SSHClient: Sending keepalive: false [] %!s(<nil>)
02:37:54PM: debug: SSHClient: Sending keepalive: false [] %!s(<nil>)
02:37:57PM: debug: SSHClient: Sending keepalive: false [] %!s(<nil>)

also dns lookups fail

> dig whoami.demo.svc.cluster.local

; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> whoami.demo.svc.cluster.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21784
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;whoami.demo.svc.cluster.local.	IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Mar 13 14:42:05 AEDT 2020
;; MSG SIZE  rcvd: 58

> kwt net service -n demo

Services in namespace 'demo'

Name                  Internal DNS                                 Cluster IP    Ports  
netshoot-headless     netshoot-headless.demo.svc.cluster.local     None          80/tcp  
whoami                whoami.demo.svc.cluster.local                10.103.36.93  80/tcp  
whoami-external-name  whoami-external-name.demo.svc.cluster.local  -             -  

3 services

Succeeded

There are no logs in the kwt-net pod

> kubectl -n default get pod -o wide
NAME      READY   STATUS    RESTARTS   AGE   IP            NODE                 NOMINATED NODE   READINESS GATES
kwt-net   1/1     Running   0          24m   10.244.0.13   kind-control-plane   <none>           <none>
> kubectl -n default logs kwt-net
<blank>

Update examples to follow more inclusive language

Describe the problem/challenge you have
Update the example (test/e2e/assets/guestbook-all-in-one.yml) to follow more inclusive language.

Describe the solution you'd like
So that the inclusive naming checker job passes without ignoring the following example: test/e2e/assets/guestbook-all-in-one.yml

Anything else you would like to add:
Originated from https://github.com/vmware-tanzu/carvel/issues/594