Subnet router and Kubernetes

Dax · April 7, 2022, 4:45pm

Hello,

I have successfully installed the subnet router on my remote equipment and can access all my machines on the private network from home.

I have installed a second router in side my cluster using the mvisonneau/tailscale:v1.18.2 helm chart. The install went ok, and tailscale admin picked up the new router. When I try to access a service or pod inside the cluster, the tailscale pod logs sees the incoming request however nothing gets returned, http or icmp. Here is what the logs look like.

2022/04/07 16:31:24 Accept: ICMPv4{100.72.195.93:0 > 10.244.235.131:0} 60 icmp ok
2022/04/07 16:31:29 Accept: ICMPv4{100.72.195.93:0 > 10.244.235.131:0} 60 icmp ok
2022/04/07 16:31:34 Accept: ICMPv4{100.72.195.93:0 > 10.244.235.131:0} 60 icmp ok

The one thing I noticed is the helm chart version of tailscale is pretty far behind, could this be a compatibility issue between the different versions?

Thanks for any thoughts you may have on the subject.
Brad

Dax · April 8, 2022, 10:09pm

Ok the error was that the ip forwarding was not set inside the pod. working with the helm author to fix, I hope.

nopzen · April 19, 2022, 7:29am

Hi Dax

I’m facing the excact same issue, I can how ever tell you updating the versions of the tailscale did not seem to fix it for me, regardless I’ve created pull requests to the owner of the docker image and helm repo to update to 1.22.2

Do you know why the pod just stopped forwarding the IP’s this have been working for me for around 3 months or so, and all of a sudden just stopped?

open prs:

Dax · April 20, 2022, 10:57pm

I had to abandon the helm chart and make my own. Ping me if you would like my recipe.

Brad

dvpn · May 15, 2022, 1:04am

I would like the recipe!

dvpn · May 15, 2022, 1:11am

Im using the updated mvisonneau tailscale helm chart but the same result as above.
I have a redis server running inside of an eks cluster deployed with terraform.
The terraform uses the mvisonneau tailscale-relay chart. Deploys into the cluster fine and uses a reusable tailscale auth key and advertise routes 10.100.0.0/16
So currently the pods are a in public vpc for simplicity and the ipv4.ip_forward=1 is set on both the pod and the node itself. Is the ipv6.conf.all.forwarding a requirement if we’re only using ipv4?

dvpn · May 16, 2022, 11:54pm

tailscale ping appears to be working as well

Logo · April 25, 2023, 5:58am

Hello all, I would like to do the same. could you please share your helm chart?
Thanks

Logo · April 25, 2023, 6:26am

@dvpn could you solve the issue? I would like to access the apiserver over relay, so I can close down the apiserver access. I can ping the relay vpn ip from client but cannot access any network behind.
did you need to set forwards manually? As I see in the pod there is not settings in /etc/sysctl.conf
thanks

Topic		Replies	Views
Subnet router in kubernetes not showing up in machine list Linux	4	751	September 21, 2022
Tailscaled in GKE Pod can ping but not route Linux	8	1416	September 4, 2021
Adding a subnet router with subnet that is in 100.x CIDR range SUPPORT QUESTIONS	1	542	February 11, 2023
Subnet Routed not working (Unraid Docker) Linux	1	2132	May 25, 2022
Subnet question	0	267	February 22, 2023

Subnet router and Kubernetes

Related Topics