bug: TLS handshake with kubernetes apiserver times out intermittently #273

Open
tetra12 opened this issue Nov 24, 2024 · 1 comment

tetra12 commented Nov 24, 2024

Hi! First off, thanks for building and supporting caddy and caddy-L4 😃
We have been using caddy in production for about 2 years now and are totally happy 😄 with it.

Now I wanna use caddy as an edge load balancer before kube apiserver. I have a pretty standard deployment as below:
edge.

I've set up my laptop as a kube API client. It works, but fails due to TLS timeout intermittently, like the first command fails and then 2-3 commands succeed.

Here's what I have:

    ~/.kube  kubectl get pods -A    ✔  21:05:43
    E1124 21:05:55.183074  132224 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://public-IP:25025/api?timeout=32s\": net/http: TLS handshake timeout"
    E1124 21:06:05.202558  132224 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://public-IP:25025/api?timeout=32s\": net/http: TLS handshake timeout"
    E1124 21:06:15.221692  132224 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://public-IP:25025/api?timeout=32s\": net/http: TLS handshake timeout"
    error: the server doesn't have a resource type "po"

    ~/.kube  kubectl get pods -A    1 ✘  21:06:15
    NAMESPACE          NAME                                       READY   STATUS    RESTARTS      AGE
    kube-system        coredns-7c65d6cfc9-7dfvp                   1/1     Running   1 (20h ago)   5d6h
    kube-system        coredns-7c65d6cfc9-dx2cz                   1/1     Running   1 (20h ago)   5d6h
    ...

I don't really know how to debug this.

My setup:

OS (server): Ubuntu 24.04
OS (VM): Ubuntu 24.04

Caddyfile:

    # kube apiserver
    :25025 {
      route {
        proxy 192.168.122.10:6443
      }
    }

Caddy config:

    caddy build-info

    dep     github.com/caddyserver/caddy/v2         v2.8.4  h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
    dep     github.com/mholt/caddy-l4               v0.0.0-20241102143510-d8ba3fbdf35c      h1:3z5GznqFlQFOiyWdeVC7yYu1hWSZ7UHdS2dRUbvNCZg=
    dep     github.com/mholt/caddy-ratelimit        v0.0.0-20240828171918-12435ecef5db      h1:30N0UnATYd7E8iaWSSOTlsr2/rd8v+7w0X+2Jc8FDJk=

tetra12 commented Nov 24, 2024

This results in helm/api failing:

    Error: Kubernetes cluster unreachable: Get "https://public-IP:25025/version": net/http: TLS handshake timeout
