Comments (5)
dixudx
commented on July 21, 2024
Yes, the Location here should be overwritten.
from clusternet.
dixudx
commented on July 21, 2024
@leoryu I've tested against kubectl, above location does not affect anything. You can follow this guide to construct a valid kubeconfig for child cluster.
Normally the requests send by client-go or kubectl are as follows,
https://10.0.0.10:6443/apis/proxies.clusternet.io/v1alpha1/sockets/e2f91251-5f05-46be-a130-bd318d242cb4/proxy/direct/api/v1/namespaceshttps://10.0.0.10:6443/apis/proxies.clusternet.io/v1alpha1/sockets/e2f91251-5f05-46be-a130-bd318d242cb4/proxy/direct/apisClusternet will do a request upgrade for those requests.
It is fine to use client-go and kubectl.
from clusternet.
leoryu
commented on July 21, 2024
yeah, client-go works well, bu not http client. The following code will log err if the code can't access clusernet's internal ip:
package main
import (
"crypto/tls"
"log"
"net"
"net/http"
"time"
)
func main() {
url := "https://{pub_ip}:6443/apis/proxies.clusternet.io/v1alpha1/sockets/3167f275-1f8d-4f90-9c81-4703690ded4b/proxy/direct"
client := http.DefaultClient
client.Transport = &http.Transport{
DialContext: (&net.Dialer{
Timeout: 5 * time.Second,
}).DialContext,
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
_, err := client.Get(url)
if err != nil {
log.Print(err)
}
}from clusternet.
dixudx
commented on July 21, 2024
yeah, client-go works well, bu not http client.
@leoryu I've found out the clue. client-go will automatically add an ending slash / at the base url (xref client-go).
$ curl -s -I -L -k -H "Impersonate-User: clusternet" -H "Authorization: Basic system:anonymous" 'https://10.0.0.10:6443/apis/proxies.clusternet.io/v1alpha1/sockets/e2f91251-5f05-46be-a130-bd318d242cb4/proxy/direct'
HTTP/2 301
cache-control: no-cache, private
cache-control: no-cache, private
date: Fri, 29 Oct 2021 07:05:36 GMT
location: https://10.111.8.252:443/apis/proxies.clusternet.io/v1alpha1/sockets/e2f91251-5f05-46be-a130-bd318d242cb4/proxy/direct/
x-kubernetes-pf-flowschema-uid: 6aee5d9b-24b2-43f0-9732-3d0c0f2c149d
x-kubernetes-pf-prioritylevel-uid: 684dee03-c9d4-4207-89ed-5d7a4c909456
$ curl -s -I -L -k -H "Impersonate-User: clusternet" -H "Authorization: Basic system:anonymous" 'https://10.0.0.10:6443/apis/proxies.clusternet.io/v1alpha1/sockets/e2f91251-5f05-46be-a130-bd318d242cb4/proxy/direct/'
HTTP/2 403
cache-control: no-cache, private
cache-control: no-cache, private
cache-control: no-cache, private
content-type: application/json
date: Fri, 29 Oct 2021 07:05:48 GMT
x-content-type-options: nosniff
x-kubernetes-pf-flowschema-uid: 6aee5d9b-24b2-43f0-9732-3d0c0f2c149d
x-kubernetes-pf-flowschema-uid: 6aee5d9b-24b2-43f0-9732-3d0c0f2c149d
x-kubernetes-pf-prioritylevel-uid: 684dee03-c9d4-4207-89ed-5d7a4c909456
x-kubernetes-pf-prioritylevel-uid: 684dee03-c9d4-4207-89ed-5d7a4c909456
content-length: 234After manually adding an ending slash, the curl request got a status code 403 instead of 301.
For 403, please follow visiting-child-clusters-with-rbac#using-curl with a valid token or tls certificates.
So this is not a bug of Clusternet.
from clusternet.
dixudx
commented on July 21, 2024
close this issue.
@leoryu Feel free to reopen this if you've got any questions.
from clusternet.
Related Issues (20)
- Add post-join actions after child cluster joins in parent cluster successfully. HOT 2
- controller-manager will panic when the length of bindingClusters and replicas in subscription are not equal
- helm deploy failed HOT 4
- Replace ApplyResourceWithRetry with ApplyResource HOT 2
- Optimized performance of clusternet in large-scale CR scenarios.
- add metrics and pprof server for controller-manager
- Support Scheduling Priority and Preemption HOT 4
- for dividing scheduling, manifest changes should not directly trigger the updates of base objects HOT 1
- does clusternet support Multi-Cluster Controller HOT 5
- The default priority of localization for dynamic scheduling is 1000(the highest), which is not flexible HOT 2
- when we watch wrapper resource, sometimes we can not receive event
- shadow api can not access pv which dynamicly created by pvc HOT 9
- Installation issues: How to add other sub-clusters to the parent cluster HOT 6
- Add a None value to ClusterSyncMode HOT 10
- Missing the example to set a valid chartPullSecret HOT 1
- Sub cluster initiated multiple controllers for processing the same resource
- Report the use of components with vulnerabilities in clusternet HOT 1
- Clusternet Helm Chart: Unnecessary RBAC permissions
- Add the AgentVersion field in ManagedClusterStatus HOT 2
- Failed to create cluster HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from clusternet.