diff --git a/README.md b/README.md index 8b91683d..86bbe34c 100644 --- a/README.md +++ b/README.md @@ -471,10 +471,13 @@ in advance ## FAQ -- What should I do if the dependent image cannot be pulled, or the inner environment cannot access docker.io? -- Answer: In the network that can access docker.io, transfer the image in the command `kubevpn version` to your own - private image registry, and then add option `--image` to special image when starting the command. - Example: +### 1, What should I do if the dependent image cannot be pulled, or the inner environment cannot access docker.io? + +Answer: + +In the network that can access docker.io, transfer the image in the command `kubevpn version` to your own +private image registry, and then add option `--image` to special image when starting the command. +Example: ``` shell ➜ ~ kubevpn version @@ -507,7 +510,7 @@ pod [kubevpn-traffic-manager] status is Running ... ``` -- When use `kubevpn dev`, but got error code 137, how to resolve ? +### 2, When use `kubevpn dev`, but got error code 137, how to resolve ? ```text dns service ok 
@@ -528,14 +531,68 @@ clean up successful This is because of your docker-desktop required resource is less than pod running request resource, it OOM killed, so you can add more resource in your docker-desktop setting `Preferences --> Resources --> Memory` -- I am using WSL( Windows Sub Linux ) Docker, when use mode `kubevpn dev`, can not connect to cluster network, how to - solve this problem? +### 3, Using WSL( Windows Sub Linux ) Docker, when use mode `kubevpn dev`, can not connect to cluster network, how to solve this problem? + +Answer: + +this is because WSL'Docker using Windows's Network, so if even start a container in WSL, this container will not use WSL +network, but use Windows network -Answer: this is because WSL'Docker using Windows's Network, so if even start a container in WSL, this container will -not use WSL network, but use Windows network Solution: - 1): install docker in WSL, not use Windows Docker-desktop - 2): use command `kubevpn connect` on Windows, and then startup `kubevpn dev` in WSL - 3): startup a container using command `kubevpn connect` on Windows, and then - startup `kubevpn dev --network container:$CONTAINER_ID` in WSL \ No newline at end of file + startup `kubevpn dev --network container:$CONTAINER_ID` in WSL + +### 4,After use command `kubevpn dev` enter develop mode,but can't assess kubernetes api-server,occur error `172.17.0.1:443 connect refusued`,how to solve this problem? + +Answer: + +Maybe k8s network subnet is conflict with docker subnet + +Solution: + +- Use option `--connect-mode container` to startup command `kubevpn dev` +- Modify `~/.docker/daemon.json`, add not conflict subnet, eg: `"bip": "172.15.0.1/24"`. 
+ +```shell +➜ ~ cat ~/.docker/daemon.json +{ + "builder": { + "gc": { + "defaultKeepStorage": "20GB", + "enabled": true + } + }, + "experimental": false, + "features": { + "buildkit": true + }, + "insecure-registries": [ + ], +} +``` + +add subnet not conflict, eg: 172.15.0.1/24 + +```shell +➜ ~ cat ~/.docker/daemon.json +{ + "builder": { + "gc": { + "defaultKeepStorage": "20GB", + "enabled": true + } + }, + "experimental": false, + "features": { + "buildkit": true + }, + "insecure-registries": [ + ], + "bip": "172.15.0.1/24" +} +``` + +restart docker and retry \ No newline at end of file diff --git a/README_ZH.md b/README_ZH.md index c59293fd..aa406a42 100644 --- a/README_ZH.md +++ b/README_ZH.md @@ -462,9 +462,10 @@ Windows ## 问答 -- 依赖的镜像拉不下来,或者内网环境无法访问 docker.io 怎么办? -- 答:在可以访问 docker.io 的网络中,将命令 `kubevpn version` 中的 image 镜像, 转存到自己的私有镜像仓库,然后启动命令的时候,加上 `--image 新镜像` 即可。 - 例如: +### 1,依赖的镜像拉不下来,或者内网环境无法访问 docker.io 怎么办? + +答:在可以访问 docker.io 的网络中,将命令 `kubevpn version` 中的 image 镜像, 转存到自己的私有镜像仓库,然后启动命令的时候,加上 `--image 新镜像` 即可。 +例如: ``` shell ➜ ~ kubevpn version @@ -497,7 +498,7 @@ pod [kubevpn-traffic-manager] status is Running ... ``` -- 在使用 `kubevpn dev` 进入开发模式的时候,有出现报错 137, 改怎么解决 ? +### 2,在使用 `kubevpn dev` 进入开发模式的时候,有出现报错 137, 改怎么解决 ? ```text dns service ok @@ -518,7 +519,7 @@ clean up successful 这是因为你的 `Docker-desktop` 声明的资源, 小于 container 容器启动时所需要的资源, 因此被 OOM 杀掉了, 你可以增加 `Docker-desktop` 对于 resources 的设置, 目录是:`Preferences --> Resources --> Memory` -- 我在使用 WSL( Windows Sub Linux ) Docker, 当我在使用命令 `kubevpn dev` 进入开发模式的时候, 在 terminal 中无法提示链接集群网络, 这是为什么, 如何解决? +### 3,使用 WSL( Windows Sub Linux ) Docker, 用命令 `kubevpn dev` 进入开发模式的时候, 在 terminal 中无法提示链接集群网络, 这是为什么, 如何解决? 答案: 这是因为 WSL 的 Docker 使用的是 主机 Windows 的网络, 所以即便在 WSL 中启动 container, 这个 container 不会使用 WSL 的网络,而是使用 Windows 的网络。 解决方案: 
@@ -526,4 +527,54 @@ clean up successful - 1): 在 WSL 中安装 Docker, 不要使用 Windows 版本的 Docker-desktop - 2): 在主机 Windows 使用命令 `kubevpn connect`, 然后在 WSL 中使用 `kubevpn dev` 进入开发模式 - 3): 在主机 Windows 上启动一个 container,在 container 中使用命令 `kubevpn connect`, 然后在 WSL - 中使用 `kubevpn dev --network container:$CONTAINER_ID` \ No newline at end of file + 中使用 `kubevpn dev --network container:$CONTAINER_ID` + +### 4,在使用 `kubevpn dev` 进入开发模式后,无法访问容器网络,出现错误 `172.17.0.1:443 connect refusued`,该如何解决? + +答案:大概率是因为 k8s 容器网络和 docker 网络网段冲突了。 + +解决方案: + +- 使用参数 `--connect-mode container` 在容器中链接,也可以解决此问题 +- 可以修改文件 `~/.docker/daemon.json` 增加不冲突的网络,例如 `"bip": "172.15.0.1/24"`. + +```shell +➜ ~ cat ~/.docker/daemon.json +{ + "builder": { + "gc": { + "defaultKeepStorage": "20GB", + "enabled": true + } + }, + "experimental": false, + "features": { + "buildkit": true + }, + "insecure-registries": [ + ], +} +``` + +增加不冲突的网段 + +```shell +➜ ~ cat ~/.docker/daemon.json +{ + "builder": { + "gc": { + "defaultKeepStorage": "20GB", + "enabled": true + } + }, + "experimental": false, + "features": { + "buildkit": true + }, + "insecure-registries": [ + ], + "bip": "172.15.0.1/24" +} +``` + +重启 docker,重新操作即可 diff --git a/pkg/handler/cleaner.go b/pkg/handler/cleaner.go index c9d263a8..290a6ea9 100644 --- a/pkg/handler/cleaner.go +++ b/pkg/handler/cleaner.go 
@@ -45,14 +45,8 @@ func AddCleanUpResourceHandler(clientset *kubernetes.Clientset, ns string, dhcp } } _ = clientset.CoreV1().Pods(ns).Delete(context.Background(), config.CniNetName, v1.DeleteOptions{GracePeriodSeconds: pointer.Int64(0)}) - count, err := updateRefCount(clientset.CoreV1().ConfigMaps(ns), config.ConfigMapPodTrafficManager, -1) - if err == nil { - // if ref-count is less than zero or equals to zero, means nobody is using this traffic pod, so clean it - if count <= 0 { - log.Info("ref-count is zero, prepare to clean up resource") - cleanup(clientset, ns, config.ConfigMapPodTrafficManager, true) - } - } else { + _, err := updateRefCount(clientset.CoreV1().ConfigMaps(ns), config.ConfigMapPodTrafficManager, -1) + if err != nil { log.Error(err) } dns.CancelDNS() diff --git a/pkg/handler/reset.go b/pkg/handler/reset.go index cafcc01a..8c405dc1 100644 --- a/pkg/handler/reset.go +++ b/pkg/handler/reset.go @@ -4,6 +4,8 @@ import ( "context" "strings" + "github.com/docker/docker/api/types" + "github.com/docker/docker/client" log "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/yaml" @@ -40,5 +42,16 @@ func (c *ConnectOptions) Reset(ctx2 context.Context) error { } } cleanup(c.clientset, c.Namespace, config.ConfigMapPodTrafficManager, false) + var cli *client.Client + if cli, err = client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()); err != nil { + return nil + } + var i types.NetworkResource + if i, err = cli.NetworkInspect(ctx, config.ConfigMapPodTrafficManager, types.NetworkInspectOptions{}); err != nil { + return nil + } + if len(i.Containers) == 0 { + return cli.NetworkRemove(ctx, config.ConfigMapPodTrafficManager) + } return nil }
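Review bot: In README.md, FAQ 4 (the hunk at `@@ -528,14 +531,68 @@`), the suggested `"bip": "172.15.0.1/24"` lies outside the RFC 1918 private range, because 172.16.0.0/12 starts at 172.16.0.0. With that setting the Docker bridge claims publicly routable address space, and host traffic to real hosts in 172.15.0.0/24 would go to the bridge instead. Suggest an example from 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 that the cluster does not use, plus a sentence telling the reader to compare it against the cluster's pod and service CIDRs before restarting Docker. In the same hunk, the first `daemon.json` listing ends with `"insecure-registries": [ ],` directly before the closing brace, which is not valid JSON, and the new heading has typos (`assess`, `refusued`).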
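Review bot: In README_ZH.md, the new FAQ 4 heading (hunk at `@@ -526,4 +527,54 @@`) describes a different symptom from the English one: the English heading says the Kubernetes api-server cannot be reached, while the Chinese heading says the container network cannot be accessed (`无法访问容器网络`). Please make the two agree so that a user searching for the `172.17.0.1:443` error finds the same description in both files. The `refusued` typo is copied into this heading too, and the FAQ 2 heading in the `@@ -497,7 +498,7 @@` hunk still reads `改怎么解决` where `该怎么解决` is meant.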
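Review bot: In pkg/handler/cleaner.go, `AddCleanUpResourceHandler` now discards the count returned by `updateRefCount`, so this handler no longer removes the traffic manager when the last client disconnects. The only `cleanup(...)` call visible in this patch is the one in `Reset`. If leaving the traffic manager running in the cluster is intended, add a comment here saying so and a README line stating that the resources stay in the namespace until `Reset` is run. Otherwise an idle component with cluster access is left behind after every session without the user being told. The removed comment about a ref-count of zero should be replaced with one that explains the new behaviour.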
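Review bot: In pkg/handler/reset.go, the block added at the end of `Reset` returns `nil` when `client.NewClientWithOpts` or `cli.NetworkInspect` fails but returns the error from `cli.NetworkRemove`, so a Docker failure is silent in two places and fatal in the third. Log the first two at debug level so a leftover network can be diagnosed, and decide whether a failed removal should really fail the whole reset after the cluster cleanup has already succeeded. The client is also never closed; add `defer cli.Close()` after it is created. Two smaller points: the Docker network name is taken from `config.ConfigMapPodTrafficManager`, a constant named for a ConfigMap, so a dedicated constant or a comment would make the reuse explicit; and the function parameter is `ctx2` while the new calls pass `ctx`, so please confirm that this is the context intended for the Docker calls.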