I installed telepresence by using the curl command on a Kubernetes cluster running on GKE. I can correctly interact with other services deployed in the cluster and I can intercept services (like the one in this post) running on the default namespace but when the same service is deployed on the kube-system namespace I can't intercept it. I don't get any useful errors, just a timeout when Telepresence tries to install the agent.
I am already aware of a similar issue happening on GKE when some firewall ports are not correctly opened. I followed already the docs and I have already opened those ports. That's how I managed to run the same service on the default namespace correctly.
Steps to reproduce the behavior:
- I started an Nginx service with the following manifest. I have created a docker image
gsantoro/my-nginx:latestwhich is a modified version of Nginx just to expose port 3000 instead of 80
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
labels:
app: nginx
spec:
selector:
matchLabels:
app: nginx
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: gsantoro/my-nginx:latest
imagePullPolicy: Always
ports:
- containerPort: 3000
---
apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: default
spec:
selector:
app: nginx
type: ClusterIP
ports:
- protocol: TCP
port: 3000
- When I run 'telepresence intercept nginx --namespace kube-system --port 49729:3000`, I see 'telepresence intercept: error: request timed out while waiting for agent my-nginx.kube-system to arrive'
Versions:
- Output of
telepresence version
❯ telepresence version
Enhanced Client: v2.9.4
Root Daemon : v2.9.4
User Daemon : v2.9.4
Traffic Manager: v2.9.4
- Operating system of workstation running
telepresencecommands. MacOs v12.6.1, Apple M1 Max chipset - Kubernetes environment and Version [e.g. Minikube, bare metal, Google Kubernetes Engine]. v1.24.7-gke.900 on GKE
Additional context: logs from traffic-manager:
│ 2022-12-07 14:54:19.1972 debug httpd/conn=127.0.0.1:8081 : PrepareIntercept called : session_id="203deb44-fe3a-4e28-a53a-e3739c7e5cb3" │
│ 2022-12-07 14:54:19.2188 debug agent-configs : MODIFIED telepresence-agents.kube-system │
│ 2022-12-07 14:54:19.2189 debug agent-configs : add my-nginx.kube-system │
│ 2022-12-07 14:54:19.2868 info agent-configs : Successfully rolled out my-nginx.kube-system │
│ 2022-12-07 14:54:19.3669 debug agent-injector/conn=10.24.0.9:8443 : Received webhook request... │
│ 2022-12-07 14:54:19.3680 debug agent-injector/conn=10.24.0.9:8443 : Webhook request handled successfully │
│ 2022-12-07 14:54:22.8172 debug agent-injector/conn=10.24.0.9:8443 : Received webhook request... │
│ 2022-12-07 14:54:22.8208 debug agent-injector/conn=10.24.0.9:8443 : Webhook request handled successfully │
│ 2022-12-07 14:54:23.2490 debug agent-injector/conn=10.24.0.9:8443 : Received webhook request... │
│ 2022-12-07 14:54:23.2507 debug agent-injector/conn=10.24.0.9:8443 : Webhook request handled successfully │
│ 2022-12-07 14:54:23.2594 debug agent-injector/conn=10.24.0.9:8443 : Received webhook request... │
│ 2022-12-07 14:54:23.2607 debug agent-injector/conn=10.24.0.9:8443 : Webhook request handled successfully │
│ 2022-12-07 14:54:23.2665 debug agent-injector/conn=10.24.0.9:8443 : Received webhook request... │
│ 2022-12-07 14:54:23.2674 debug agent-injector/conn=10.24.0.9:8443 : Webhook request handled successfully
telepresence status
User Daemon: Running
Version : v2.9.4 (api 3)
Executable : /usr/local/bin/telepresence
Install ID : *****
Status : Connected
Kubernetes server : https://*****
Kubernetes context: *****
Intercepts : 0 total
Root Daemon: Running
Version: v2.9.4 (api 3)
DNS :
Remote IP : 127.0.0.1
Exclude suffixes: [.com .io .net .org .ru]
Include suffixes: []
Timeout : 8s
Also Proxy : (0 subnets)
Never Proxy: (1 subnets)
- *****
Ambassador Cloud:
Status : Logged in
User ID : *****
Account ID : *****
User Name : *****
Email : *****
Account Name: *****
Am I missing something?
