feat: extra-domain support ipv6 fix ssh-jump not use --kubeconfig options bug

README.md

@@ -251,7 +251,7 @@ dns service ok
 Hello world!%
 ```
 
-### Dev mode in local
+### Dev mode in local 🐳
 
 Run the Kubernetes pod in the local Docker container, and cooperate with the service mesh to intercept the traffic with
 the specified header to the local, or all the traffic to the local.

README_ZH.md

@@ -249,7 +249,7 @@ dns service ok
 Hello world!%
 ```
 
-### 本地进入开发模式
+### 本地进入开发模式 🐳
 
 将 Kubernetes pod 运行在本地的 Docker 容器中，同时配合 service mesh, 拦截带有制定 header 的流量到本地，或者所有的流量到本地。这个开发模式依赖于本地 Docker .
 

cmd/kubevpn/cmds/root.go

@@ -1,11 +1,18 @@
 package cmds
 
 import (
+	"os"
+
 	"github.com/spf13/cobra"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
+	"k8s.io/client-go/rest"
+	restclient "k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
 	cmdutil "k8s.io/kubectl/pkg/cmd/util"
 	"k8s.io/kubectl/pkg/util/i18n"
 	"k8s.io/kubectl/pkg/util/templates"
+
+	"github.com/wencaiwulue/kubevpn/pkg/config"
 )
 
 func NewKubeVPNCommand() *cobra.Command {
@@ -22,6 +29,17 @@ func NewKubeVPNCommand() *cobra.Command {
 
 	flags := cmd.PersistentFlags()
 	configFlags := genericclioptions.NewConfigFlags(true).WithDeprecatedPasswordFlag()
+	configFlags.WrapConfigFn = func(c *rest.Config) *rest.Config {
+		if path, ok := os.LookupEnv(config.EnvSSHJump); ok {
+			kubeconfigBytes, err := os.ReadFile(path)
+			cmdutil.CheckErr(err)
+			var conf *restclient.Config
+			conf, err = clientcmd.RESTConfigFromKubeConfig(kubeconfigBytes)
+			cmdutil.CheckErr(err)
+			return conf
+		}
+		return c
+	}
 	configFlags.AddFlags(flags)
 	matchVersionFlags := cmdutil.NewMatchVersionFlags(configFlags)
 	matchVersionFlags.AddFlags(flags)

pkg/config/config.go

@@ -86,6 +86,7 @@ const (
 
 	// startup by KubeVPN
 	EnvStartSudoKubeVPNByKubeVPN = "DEPTH_SIGNED_BY_NAISON"
+	EnvSSHJump                   = "SSH_JUMP_BY_KUBEVPN"
 )
 
 var (

pkg/handler/cleaner.go

@@ -32,7 +32,7 @@ func (c *ConnectOptions) addCleanUpResourceHandler() {
 	go func() {
 		<-stopChan
 		log.Info("prepare to exit, cleaning up")
-		err := c.dhcp.ReleaseIpToDHCP(c.localTunIPv4.IP, c.localTunIPv6.IP)
+		err := c.dhcp.ReleaseIP(c.localTunIPv4.IP, c.localTunIPv6.IP)
 		if err != nil {
 			log.Errorf("failed to release ip to dhcp, err: %v", err)
 		}

pkg/handler/connect.go

@@ -4,6 +4,8 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"math"
+	"math/rand"
 	"net"
 	"net/netip"
 	"net/url"
@@ -323,7 +325,13 @@ func (c *ConnectOptions) addRouteDynamic(ctx context.Context) (err error) {
 		if errs == nil && tunIface.Name == iface.Name {
 			return
 		}
-		errs = tun.AddRoutes(types.Route{Dst: net.IPNet{IP: net.ParseIP(ip), Mask: net.CIDRMask(32, 32)}})
+		var mask net.IPMask
+		if net.ParseIP(ip).To4() != nil {
+			mask = net.CIDRMask(32, 32)
+		} else {
+			mask = net.CIDRMask(128, 128)
+		}
+		errs = tun.AddRoutes(types.Route{Dst: net.IPNet{IP: net.ParseIP(ip), Mask: mask}})
 		if errs != nil {
 			log.Debugf("[route] add route failed, resource: %s, ip: %s,err: %v", resource, ip, err)
 		}
@@ -634,6 +642,10 @@ func SshJump(conf *util.SshConfig, flags *pflag.FlagSet) (err error) {
 	_ = os.Chmod(temp.Name(), 0644)
 	log.Infof("using temp kubeconfig %s", temp.Name())
 	err = os.Setenv(clientcmd.RecommendedConfigPathEnvVar, temp.Name())
+	if err != nil {
+		return err
+	}
+	err = os.Setenv(config.EnvSSHJump, temp.Name())
 	return err
 }
 
@@ -808,7 +820,13 @@ func (c *ConnectOptions) addExtraRoute(ctx context.Context) (err error) {
 		if errs == nil && tunIface.Name == iface.Name {
 			return
 		}
-		errs = tun.AddRoutes(types.Route{Dst: net.IPNet{IP: net.ParseIP(ip), Mask: net.CIDRMask(32, 32)}})
+		var mask net.IPMask
+		if net.ParseIP(ip).To4() != nil {
+			mask = net.CIDRMask(32, 32)
+		} else {
+			mask = net.CIDRMask(128, 128)
+		}
+		errs = tun.AddRoutes(types.Route{Dst: net.IPNet{IP: net.ParseIP(ip), Mask: mask}})
 		if errs != nil {
 			log.Debugf("[route] add route failed, domain: %s, ip: %s,err: %v", resource, ip, err)
 		}
@@ -816,31 +834,41 @@ func (c *ConnectOptions) addExtraRoute(ctx context.Context) (err error) {
 
 	client := &miekgdns.Client{Net: "udp", SingleInflight: true, DialTimeout: time.Second * 30}
 	for _, domain := range c.ExtraDomain {
-		err = retry.OnError(
-			retry.DefaultRetry,
-			func(err error) bool {
-				return err != nil
-			},
-			func() error {
-				var answer *miekgdns.Msg
-				answer, _, err = client.ExchangeContext(ctx, &miekgdns.Msg{
-					Question: []miekgdns.Question{{
-						Name:  domain + ".",
-						Qtype: miekgdns.TypeA,
-					}},
-				}, fmt.Sprintf("%s:%d", ips[0], 53))
-				if err != nil {
-					return err
-				}
-				for _, rr := range answer.Answer {
-					if a, ok := rr.(*miekgdns.A); ok && a.A != nil {
-						addRouteFunc(domain, a.A.String())
+		for _, qType := range []uint16{miekgdns.TypeA, miekgdns.TypeAAAA} {
+			err = retry.OnError(
+				retry.DefaultRetry,
+				func(err error) bool {
+					return err != nil
+				},
+				func() error {
+					var answer *miekgdns.Msg
+					answer, _, err = client.ExchangeContext(ctx, &miekgdns.Msg{
+						MsgHdr: miekgdns.MsgHdr{
+							Id: uint16(rand.Intn(math.MaxUint16 + 1)),
+						},
+						Question: []miekgdns.Question{
+							{
+								Name:  domain + ".",
+								Qtype: qType,
+							},
+						},
+					}, fmt.Sprintf("%s:%d", ips[0], 53))
+					if err != nil {
+						return err
 					}
-				}
-				return nil
-			})
-		if err != nil {
-			return err
+					for _, rr := range answer.Answer {
+						switch a := rr.(type) {
+						case *miekgdns.A:
+							addRouteFunc(domain, a.A.String())
+						case *miekgdns.AAAA:
+							addRouteFunc(domain, a.AAAA.String())
+						}
+					}
+					return nil
+				})
+			if err != nil {
+				return err
+			}
 		}
 	}
 	return

pkg/handler/dhcp.go

@@ -108,7 +108,7 @@ func (d *DHCPManager) RentIPRandom() (*net.IPNet, *net.IPNet, error) {
 	return &net.IPNet{IP: v4, Mask: d.cidr.Mask}, &net.IPNet{IP: v6, Mask: d.cidr6.Mask}, nil
 }
 
-func (d *DHCPManager) ReleaseIpToDHCP(ips ...net.IP) error {
+func (d *DHCPManager) ReleaseIP(ips ...net.IP) error {
 	return d.updateDHCPConfigMap(func(ipv4 *ipallocator.Range, ipv6 *ipallocator.Range) error {
 		for _, ip := range ips {
 			var use *ipallocator.Range

pkg/mesh/controller.go

@@ -45,7 +45,7 @@ ip6tables -P INPUT ACCEPT
 iptables -P FORWARD ACCEPT
 ip6tables -P FORWARD ACCEPT
 iptables -t nat -A PREROUTING ! -p icmp ! -s 127.0.0.1 ! -d ${CIDR4} -j DNAT --to 127.0.0.1:15006
-ip6tables -t nat -A PREROUTING ! -p icmp ! -s 0:0:0:0:0:0:0:1 ! -d ${CIDR6} -j DNAT --to 0:0:0:0:0:0:0:1:15006
+ip6tables -t nat -A PREROUTING ! -p icmp ! -s 0:0:0:0:0:0:0:1 ! -d ${CIDR6} -j DNAT --to [0:0:0:0:0:0:0:1]:15006
 iptables -t nat -A POSTROUTING ! -p icmp ! -s 127.0.0.1 ! -d ${CIDR4} -j MASQUERADE
 ip6tables -t nat -A POSTROUTING ! -p icmp ! -s 0:0:0:0:0:0:0:1 ! -d ${CIDR6} -j MASQUERADE
 kubevpn serve -L "tun:/localhost:8422?net=${TunIPv4}&route=${CIDR4}" -F "tcp://${TrafficManagerService}:10800"`,

pkg/webhook/dhcp.go

@@ -56,7 +56,7 @@ func (d *dhcpServer) releaseIP(w http.ResponseWriter, r *http.Request) {
 	log.Infof("handling release ip request, pod name: %s, ns: %s", podName, namespace)
 	cmi := d.clientset.CoreV1().ConfigMaps(namespace)
 	dhcp := handler.NewDHCPManager(cmi, namespace)
-	if err := dhcp.ReleaseIpToDHCP(ips...); err != nil {
+	if err := dhcp.ReleaseIP(ips...); err != nil {
 		log.Error(err)
 		w.WriteHeader(http.StatusBadRequest)
 		return

pkg/webhook/pods.go

@@ -128,7 +128,7 @@ func (h *admissionReviewHandler) admitPods(ar v1.AdmissionReview) *v1.AdmissionR
 				}
 			}
 			cmi := h.clientset.CoreV1().ConfigMaps(ar.Request.Namespace)
-			err := handler.NewDHCPManager(cmi, ar.Request.Namespace).ReleaseIpToDHCP(ips...)
+			err := handler.NewDHCPManager(cmi, ar.Request.Namespace).ReleaseIP(ips...)
 			if err != nil {
 				log.Errorf("release ip to dhcp err: %v, ips: %v", err, ips)
 			} else {