diff --git a/charts/kubevpn/templates/deployment.yaml b/charts/kubevpn/templates/deployment.yaml index 01f5a9a7..6a570453 100644 --- a/charts/kubevpn/templates/deployment.yaml +++ b/charts/kubevpn/templates/deployment.yaml @@ -45,9 +45,9 @@ spec: ip6tables -P FORWARD ACCEPT iptables -t nat -A POSTROUTING -s ${CIDR4} -o eth0 -j MASQUERADE ip6tables -t nat -A POSTROUTING -s ${CIDR6} -o eth0 -j MASQUERADE - kubevpn server -l "tcp://:10800" -l "tun://:8422?net=${TunIPv4}&net6=${TunIPv6}" -l "gtcp://:10801" -l "gudp://:10802" --debug=true + kubevpn server -l "tcp://:10800" -l "tun://:8422?net=${TunIPv4}&net6=${TunIPv6}" -l "gtcp://:10801" --debug=true {{- else }} - - kubevpn server -l "tcp://:10800" -l "gtcp://:10801" -l "gudp://:10802" --debug=true + - kubevpn server -l "tcp://:10800" -l "gtcp://:10801" --debug=true {{- end }} command: - /bin/sh diff --git a/pkg/config/config.go b/pkg/config/config.go index 55ec258f..b0c0acfb 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -45,24 +45,24 @@ const ( VolumeSyncthing = "syncthing" // innerIPv4Pool is used as tun ip - // 198.19.0.0/16 network is part of the 198.18.0.0/15 (reserved for benchmarking). + // 198.19.0.0/16 network is part of the 198.18.0.0/15 (reserved for benchmarking). // https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml + // so we split it into 2 parts: 198.18.0.0/15 --> [198.19.0.0/16, 198.19.0.0/16] innerIPv4Pool = "198.19.0.100/16" - // 原因:在docker环境中,设置docker的 gateway 和 subnet,不能 inner 的冲突,也不能和 docker的 172.17 冲突 - // 不然的话,请求会不通的 - // 解决的问题:在 k8s 中的 名叫 kubernetes 的 service ip 为 - // ➜ ~ kubectl get service kubernetes - //NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE - //kubernetes ClusterIP 172.17.0.1 443/TCP 190d - // - // ➜ ~ docker network inspect bridge | jq '.[0].IPAM.Config' - //[ - // { - // "Subnet": "172.17.0.0/16", - // "Gateway": "172.17.0.1" - // } - //] - // 如果不创建 network,那么是无法请求到 这个 kubernetes 的 service 的 + /* + reason:docker use 172.17.0.0/16 network conflict with k8s service kubernetes + ➜ ~ kubectl get service kubernetes + NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE + kubernetes ClusterIP 172.17.0.1 443/TCP 190d + + ➜ ~ docker network inspect bridge | jq '.[0].IPAM.Config' + [ + { + "Subnet": "172.17.0.0/16", + "Gateway": "172.17.0.1" + } + ] + */ dockerInnerIPv4Pool = "198.18.0.100/16" // 2001:2::/64 network is part of the 2001:2::/48 (reserved for benchmarking) @@ -99,9 +99,6 @@ const ( // hosts entry key word HostsKeyWord = "# Add by KubeVPN" - - GHCR_IMAGE_REGISTRY = "ghcr.io" - DOCKER_IMAGE_REGISTRY = "docker.io" ) var ( diff --git a/pkg/core/tunhandlerclient.go b/pkg/core/tunhandlerclient.go index 9ea8e85a..cbd4097b 100644 --- a/pkg/core/tunhandlerclient.go +++ b/pkg/core/tunhandlerclient.go @@ -38,9 +38,6 @@ type ClientDevice struct { tunInbound chan *Packet tunOutbound chan *Packet errChan chan error - - remote *net.UDPAddr - forward *Forwarder } func (d *ClientDevice) handlePacket(ctx context.Context, forward *Forwarder) { diff --git a/pkg/handler/connect.go b/pkg/handler/connect.go index ca57382f..e34ec4cc 100644 --- a/pkg/handler/connect.go +++ b/pkg/handler/connect.go @@ -237,24 +237,15 @@ func (c *ConnectOptions) DoConnect(ctx context.Context, isLite bool, stopChan <- plog.G(ctx).Errorf("Add extra node IP failed: %v", err) return } - var rawTCPForwardPort, gvisorTCPForwardPort, gvisorUDPForwardPort int - rawTCPForwardPort, err = util.GetAvailableTCPPortOrDie() - if err != nil { - return err - } - gvisorTCPForwardPort, err = util.GetAvailableTCPPortOrDie() - if err != nil { - return err - } - gvisorUDPForwardPort, err = util.GetAvailableTCPPortOrDie() + var tcpForwardPort int + tcpForwardPort, err = util.GetAvailableTCPPortOrDie() if err != nil { return err } plog.G(ctx).Info("Forwarding port...") - portPair := []string{ - fmt.Sprintf("%d:10800", rawTCPForwardPort), - fmt.Sprintf("%d:10801", gvisorTCPForwardPort), - fmt.Sprintf("%d:10802", gvisorUDPForwardPort), + portPair := []string{fmt.Sprintf("%d:10800", tcpForwardPort)} + if c.Engine == config.EngineGvisor { + portPair = []string{fmt.Sprintf("%d:10801", tcpForwardPort)} } if err = c.portForward(c.ctx, portPair); err != nil { return @@ -262,10 +253,7 @@ func (c *ConnectOptions) DoConnect(ctx context.Context, isLite bool, stopChan <- if util.IsWindows() { driver.InstallWireGuardTunDriver() } - forward := fmt.Sprintf("tcp://127.0.0.1:%d", rawTCPForwardPort) - if c.Engine == config.EngineGvisor { - forward = fmt.Sprintf("tcp://127.0.0.1:%d", gvisorTCPForwardPort) - } + forward := fmt.Sprintf("tcp://127.0.0.1:%d", tcpForwardPort) if err = c.startLocalTunServer(c.ctx, forward, isLite); err != nil { plog.G(ctx).Errorf("Start local tun service failed: %v", err) return @@ -319,7 +307,7 @@ func (c *ConnectOptions) portForward(ctx context.Context, portPair []string) err podName := pod.GetName() // try to detect pod is delete event, if pod is deleted, needs to redo port-forward go util.CheckPodStatus(childCtx, cancelFunc, podName, c.clientset.CoreV1().Pods(c.Namespace)) - go util.CheckPortStatus(childCtx, cancelFunc, readyChan, strings.Split(portPair[1], ":")[0]) + go util.CheckPortStatus(childCtx, cancelFunc, readyChan, strings.Split(portPair[0], ":")[0]) go c.heartbeats(childCtx, util.GetPodIP(pod)...) if *first { go func() { @@ -1230,6 +1218,9 @@ func (c *ConnectOptions) heartbeats(ctx context.Context, ips ...string) { var dstIPv4, dstIPv6 net.IP for _, podIP := range ips { ip := net.ParseIP(podIP) + if ip == nil { + continue + } if ip.To4() != nil { dstIPv4 = ip } else { diff --git a/pkg/handler/remote.go b/pkg/handler/remote.go index 9dee0398..bb9f881f 100644 --- a/pkg/handler/remote.go +++ b/pkg/handler/remote.go @@ -363,7 +363,7 @@ func genDeploySpec(namespace string, udp8422 string, tcp10800 string, tcp9002 st Args: []string{util.If( gvisor, ` -kubevpn server -l "tcp://:10800" -l "gtcp://:10801" -l "gudp://:10802" --debug=true`, +kubevpn server -l "tcp://:10800" -l "gtcp://:10801" --debug=true`, ` echo 1 > /proc/sys/net/ipv4/ip_forward echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6 @@ -375,7 +375,7 @@ iptables -P FORWARD ACCEPT ip6tables -P FORWARD ACCEPT iptables -t nat -A POSTROUTING -s ${CIDR4} -o eth0 -j MASQUERADE ip6tables -t nat -A POSTROUTING -s ${CIDR6} -o eth0 -j MASQUERADE -kubevpn server -l "tcp://:10800" -l "tun://:8422?net=${TunIPv4}&net6=${TunIPv6}" -l "gtcp://:10801" -l "gudp://:10802" --debug=true`, +kubevpn server -l "tcp://:10800" -l "tun://:8422?net=${TunIPv4}&net6=${TunIPv6}" -l "gtcp://:10801" --debug=true`, )}, EnvFrom: []v1.EnvFromSource{{ SecretRef: &v1.SecretEnvSource{ diff --git a/pkg/util/pod.go b/pkg/util/pod.go index 58b5b319..2bcf9a1f 100644 --- a/pkg/util/pod.go +++ b/pkg/util/pod.go @@ -382,7 +382,7 @@ func CheckPodStatus(ctx context.Context, cancelFunc context.CancelFunc, podName } } -func CheckPortStatus(ctx context.Context, cancelFunc context.CancelFunc, readyChan chan struct{}, localGvisorTCPPort string) { +func CheckPortStatus(ctx context.Context, cancelFunc context.CancelFunc, readyChan chan struct{}, localRandomTCPPort string) { defer cancelFunc() ticker := time.NewTicker(time.Second * 60) defer ticker.Stop() @@ -398,10 +398,10 @@ func CheckPortStatus(ctx context.Context, cancelFunc context.CancelFunc, readyCh for ctx.Err() == nil { var lc net.ListenConfig - conn, err := lc.Listen(ctx, "tcp", net.JoinHostPort("127.0.0.1", localGvisorTCPPort)) + conn, err := lc.Listen(ctx, "tcp", net.JoinHostPort("127.0.0.1", localRandomTCPPort)) if err == nil { _ = conn.Close() - plog.G(ctx).Debugf("Local port: %s is free", localGvisorTCPPort) + plog.G(ctx).Debugf("Local port: %s is free", localRandomTCPPort) return } time.Sleep(time.Second * 1)