bryopsida
bryopsida
Are there any network policies at the cluster level that could be blocking the connection from the wireguard pod to the kube-dns/coredns service? - https://kubernetes.io/docs/concepts/services-networking/network-policies/ - https://www.alibabacloud.com/help/en/ack/ack-managed-and-ack-dedicated/user-guide/use-network-policies
And do you have any warnings in the wireguard pod logs? A clean startup should look like this. ``` sysctls net.ipv4.ip_forward = 1 sysctls net.ipv4.conf.all.forwarding = 1 wireguard [#] ip...
It looks like hubble is compatible with terway. https://www.alibabacloud.com/help/en/ack/ack-managed-and-ack-dedicated/user-guide/implement-network-observability-by-using-ack-terway-and-cilium-hubble Based on the logs, and the wireguard peer handshake status from the pod, it looks like the connection from your laptop...
When you have the visual filters setup to show everything in Hubble like this.  You should see your laptops queries going to kube dns like this.  Looking at...
Based on the screenshot you sent with your kube-dns server address, am I correct to assume your kubernetes cluster pod and service cidr is 192.168.0.0/16? If that's the case, can...
Looking over the failed checks. - The qemu checks are failing during the setup of qemu not a build. - mingw checks are failing because of an outdated upload artifact...
> LGTM with a minor comment. @vtjnash how do handle merging v1 into mastes these days? Looks like that's necessary for the CI to be happy. FWIW this is the...
Likely would need to add something to share peer routes across WG server pods in same cluster.
Additional considerations. 1) The WG server pod with the client connection is the only network namespace that has the routing information to that peer. 2) Because of 1) the HAProxy...
Something else to consider, if a service mesh is leveraged, we could just watch the peer connections and register/update entries in the mesh, perhaps an option to embed a standalone...