[已解决] 请问为什么开启 telepresence 之后访问 console 会 404 ?

deepdream314

环境：

kubesphere v3.0.0版本，服务正常启动，访问<IP>:30880，使用admin/P@88w0rd可正常登陆，基本功能使用正常。
系统: macOS
k8s部署方式：minikube start –cpus=4 –memory=8096mb –kubernetes-version=v1.18.8 –driver=virtualbox –image-mirror-country cn –registry-mirror=“https://docker.mirrors.ustc.edu.cn”
k8s版本：v1.18.8

console日志：

  <-- GET / 2021/01/02T15:11:39.062
{ code: 404,
  statusText: 'Not Found',
  message: '404 page not found\n' }
  --> GET / 404 11ms - 2021/01/02T15:11:39.073
{ code: 404,
  statusText: 'Not Found',
  message: '404 page not found\n' }
  <-- GET /favicon.ico 2021/01/02T15:11:39.451
{ code: 404,
  statusText: 'Not Found',
  message: '404 page not found\n' }
  --> GET /favicon.ico 404 9ms - 2021/01/02T15:11:39.460
{ code: 404,
  statusText: 'Not Found',
  message: '404 page not found\n' }
  <-- GET / 2021/01/02T15:11:43.256
{ UnauthorizedError: Not Login
    at Object.throw (/opt/kubesphere/console/server/server.js:31701:11)
    at getCurrentUser (/opt/kubesphere/console/server/server.js:9037:14)
    at renderView (/opt/kubesphere/console/server/server.js:23231:46)
    at dispatch (/opt/kubesphere/console/server/server.js:6870:32)
    at next (/opt/kubesphere/console/server/server.js:6871:18)
    at /opt/kubesphere/console/server/server.js:70183:16
    at dispatch (/opt/kubesphere/console/server/server.js:6870:32)
    at next (/opt/kubesphere/console/server/server.js:6871:18)
    at /opt/kubesphere/console/server/server.js:77986:37
    at dispatch (/opt/kubesphere/console/server/server.js:6870:32)
    at next (/opt/kubesphere/console/server/server.js:6871:18)
    at /opt/kubesphere/console/server/server.js:70183:16
    at dispatch (/opt/kubesphere/console/server/server.js:6870:32)
    at next (/opt/kubesphere/console/server/server.js:6871:18)
    at /opt/kubesphere/console/server/server.js:77986:37
    at dispatch (/opt/kubesphere/console/server/server.js:6870:32) message: 'Not Login' }
  --> GET / 302 2ms 43b 2021/01/02T15:11:43.258
  <-- GET /login 2021/01/02T15:11:43.259
{ code: 404,
  statusText: 'Not Found',
  message: '404 page not found\n' }
  --> GET /login 200 18ms 14.82kb 2021/01/02T15:11:43.277

pod 启动正常

➜  ~ kubectl get pod -n kubesphere-system
NAME                                            READY   STATUS    RESTARTS   AGE
ks-apiserver-937d549a97b040c4a30b291204025919   1/1     Running   0          16m
ks-console-b4df86d6f-hjj8c                      1/1     Running   0          147m
ks-controller-manager-7fd596f5f6-nkc8t          1/1     Running   0          145m
ks-installer-7cb866bd-d549d                     1/1     Running   0          149m
openldap-0                                      1/1     Running   0          147m
redis-644bc597b9-vb9k8                          1/1     Running   0          147m

curl -v http://192.168.99.104:30880/kapis/config.kubesphere.io/v1alpha2/configs/configz

➜  ~ curl -v http://192.168.99.104:30880/kapis/config.kubesphere.io/v1alpha2/configs/configz
*   Trying 192.168.99.104...
* TCP_NODELAY set
* Connected to 192.168.99.104 (192.168.99.104) port 30880 (#0)
> GET /kapis/config.kubesphere.io/v1alpha2/configs/configz HTTP/1.1
> Host: 192.168.99.104:30880
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< vary: Origin
< content-type: text/plain; charset=utf-8
< x-content-type-options: nosniff
< date: Sat, 02 Jan 2021 15:20:51 GMT
< content-length: 19
< connection: close
<
404 page not found
* Closing connection 0

shaowenchen

swap 之后，访问就转到本地了，本地需要启动 ks-apiserver。

deepdream314

shaowenchen 本地启动了 ks-apiserver

shaowenchen

deepdream314

可以先访问本地的 apiserver 看看，访问 30880 的路径是 browser -> console -> apiserver ，一步一步确认吧。

deepdream314

shaowenchen
browser -> apiserver(localhost:9090) 可以访问到
browser -> console -> apiserver console 到 apiserver 访问不了
看 console 日志报错是 404 Not Found 请问有什么办法可以排除 console 到 apisever 为什么不能访问吗？

shaowenchen

deepdream314

可能是端口\地址不对，console 默认使用的是 ks-apiserver.kubesphere.system.svc

deepdream314

shaowenchen

如果不 swap

curl http://ks-apiserver.kubesphere-system.svc/kapis/resources.kubesphere.io/v1alpha3/deployments
可以访问通

➜  ~ telepresence --run-shell
T: Using a Pod instead of a Deployment for the Telepresence proxy. If you experience problems, please file
T: an issue!
T: Set the environment variable TELEPRESENCE_USE_DEPLOYMENT to any non-empty value to force the old
T: behavior, e.g.,
T:     env TELEPRESENCE_USE_DEPLOYMENT=1 telepresence --run curl hello

T: Starting proxy with method 'vpn-tcp', which has the following limitations: All processes are affected,
T: only one telepresence can run per machine, and you can't use other VPNs. You may need to add cloud hosts
T:  and headless services with --also-proxy. For a full list of method limitations see
T: https://telepresence.io/reference/methods.html
T: Volumes are rooted at $TELEPRESENCE_ROOT. See https://telepresence.io/howto/volumes.html for details.
T: Starting network proxy to cluster using new Pod telepresence-1609728959-952586-80478

T: No traffic is being forwarded from the remote Deployment to your local machine. You can use the --expose
T:  option to specify which ports you want to forward.

T: Connected. Flushing DNS cache.
T: Setup complete. Launching your command.

The default interactive shell is now zsh.
To update your account to use zsh, please run `chsh -s /bin/zsh`.
For more details, please visit https://support.apple.com/kb/HT208050.
@minikube|bash-3.2$ curl http://ks-apiserver.kubesphere.system.svc/kapis/resources.kubesphere.io/v1alpha3/deployments
curl: (6) Could not resolve host: ks-apiserver.kubesphere.system.svc
@minikube|bash-3.2$ curl http://ks-apiserver.kubesphere-system.svc/kapis/resources.kubesphere.io/v1alpha3/deployments
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "deployments.resources.kubesphere.io is forbidden: User \"system:anonymous\" cannot list resource \"deployments\" in API group \"resources.kubesphere.io\" at the cluster scope",
  "reason": "Forbidden",
  "details": {
    "group": "resources.kubesphere.io",
    "kind": "deployments"
  },
  "code": 403
}@minikube|bash-3.2$

swap 之后本地开启 ks-apiserver

curl http://ks-apiserver.kubesphere-system.svc/kapis/resources.kubesphere.io/v1alpha3/deployments
访问不了了

➜  ~ telepresence --namespace kubesphere-system --swap-deployment ks-apiserver --also-proxy redis.kubesphere-system.svc --also-proxy openldap.kubesphere-system.svc --expose 9090:9090
T: Using a Pod instead of a Deployment for the Telepresence proxy. If you experience problems, please file
T: an issue!
T: Set the environment variable TELEPRESENCE_USE_DEPLOYMENT to any non-empty value to force the old
T: behavior, e.g.,
T:     env TELEPRESENCE_USE_DEPLOYMENT=1 telepresence --run curl hello

T: Starting proxy with method 'vpn-tcp', which has the following limitations: All processes are affected,
T: only one telepresence can run per machine, and you can't use other VPNs. You may need to add cloud hosts
T:  and headless services with --also-proxy. For a full list of method limitations see
T: https://telepresence.io/reference/methods.html
T: Volumes are rooted at $TELEPRESENCE_ROOT. See https://telepresence.io/howto/volumes.html for details.
T: Starting network proxy to cluster by swapping out Deployment ks-apiserver with a proxy Pod
T: Forwarding remote port 9090 to local port 9090.

T: Connected. Flushing DNS cache.
T: Setup complete. Launching your command.

The default interactive shell is now zsh.
To update your account to use zsh, please run `chsh -s /bin/zsh`.
For more details, please visit https://support.apple.com/kb/HT208050.
@minikube|bash-3.2$ curl http://ks-apiserver.kubesphere-system.svc/kapis/resources.kubesphere.io/v1alpha3/deployments
curl: (52) Empty reply from server

dig 可以查询到对应的 ip

@minikube|bash-3.2$ dig ks-apiserver.kubesphere-system.svc

; <<>> DiG 9.10.6 <<>> ks-apiserver.kubesphere-system.svc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24024
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ks-apiserver.kubesphere-system.svc. IN	A

;; ANSWER SECTION:
ks-apiserver.kubesphere-system.svc. 2 IN A	10.109.170.53

;; Query time: 5 msec
;; SERVER: 172.16.100.5#53(172.16.100.5)
;; WHEN: Mon Jan 04 11:03:36 CST 2021
;; MSG SIZE  rcvd: 68

@minikube|bash-3.2$ kubectl get svc -n kubesphere-system -o wide
NAME                    TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE   SELECTOR
ks-apiserver            ClusterIP   10.109.170.53    <none>        80/TCP         17h   app=ks-apiserver,tier=backend,version=v3.0.0
ks-console              NodePort    10.98.249.140    <none>        80:30880/TCP   17h   app=ks-console,tier=frontend,version=v3.0.0
ks-controller-manager   ClusterIP   10.103.228.240   <none>        443/TCP        17h   app=ks-controller-manager,tier=backend,version=v3.0.0
openldap                ClusterIP   None             <none>        389/TCP        17h   app.kubernetes.io/instance=ks-openldap,app.kubernetes.io/name=openldap-ha
redis                   ClusterIP   10.107.83.108    <none>        6379/TCP       17h   app=redis,tier=database

deepdream314

已解决本地 clash 占用了 9090 端口但很神奇的是本地 ks-apiserver 也能启动，且 curl http://localhost:9090 也是调用到了 ks-apiserver

chengleqi

deepdream314 一模一样的问题，很坑。ClashX关闭之后就好了。

可以将配置文件的external-controller改一下

# RESTful API for clash

external-controller: 127.0.0.1:9091