Hashicorp Boundary throws "failed to WebSocket dial" when trying to connect via ssh
I can successfully authenticate using the command below.
~ boundary authenticate password -login-name=jeff -password=foofoofoo -auth-method-id=ampw_5Aiqy1zvF5
Authentication information:
Account ID: apw_nDkJsApfym
Auth Method ID: ampw_5Aiqy1zvF5
Expiration Time: Wed, 10 Mar 2021 14:49:42 JST
Token:
at_p0itAjmn67_s12TzikoWGGZfA4vtNy17Za2jqYPhntRZgSt6fV1daQYReBR5Vmz52jFa5mZdy6kDmmkRerGngNK2RBpyUeuzcGoBTF7YiUohcmyRdngWdRbdT
User ID: u_mPihJkaNsc
However, when I try to connect to the target instance using boundary connect ssh -target-id ttcp_bNARIi1qIZ, I get the error below.
Error dialing the worker: failed to WebSocket dial: failed to send handshake request: Get "https://boundary.dev.mydomain.cloud:9202/v1/proxy": dial tcp 10.0.16.28:9202: connect: operation timed out
kex_exchange_identification: read: Connection reset by peer
What should I check to handle this problem?
My controller.hcl is as below.
disable_mlock = true

controller {
  name = "kubernetes-controller"
  description = "A controller for a kubernetes demo!"
  database {
    url = "env://BOUNDARY_PG_URL"
  }
  public_cluster_addr = "boundary.boundary.svc.cluster.local:9201"
}

listener "tcp" {
  address = "0.0.0.0"
  purpose = "api"
  tls_disable = true
}

listener "tcp" {
  address = "0.0.0.0"
  purpose = "cluster"
  tls_disable = true
}

kms "aead" {
  purpose = "root"
  aead_type = "aes-gcm"
  key = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
  key_id = "global_root"
}

kms "aead" {
  purpose = "worker-auth"
  aead_type = "aes-gcm"
  key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
  key_id = "global_worker-auth"
}

kms "aead" {
  purpose = "recovery"
  aead_type = "aes-gcm"
  key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
  key_id = "global_recovery"
}
My worker.hcl is as below.
disable_mlock = true

worker {
  # Name should be unique across workers
  name = "kubernetes-boundary-worker"
  description = "Boundary worker running in k8s"
  controllers = ["boundary.boundary.svc.cluster.local:9201"]
  public_addr = "boundary.dev.mydomain.cloud"
}

listener "tcp" {
  address = "0.0.0.0"
  purpose = "proxy"
  tls_disable = true
}

kms "aead" {
  purpose = "root"
  aead_type = "aes-gcm"
  key = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
  key_id = "global_root"
}

kms "aead" {
  purpose = "worker-auth"
  aead_type = "aes-gcm"
  key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
  key_id = "global_worker-auth"
}

kms "aead" {
  purpose = "recovery"
  aead_type = "aes-gcm"
  key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
  key_id = "global_recovery"
}
For additional information, I am using kubernetes as well as istio. I deployed the worker and controller separately in different containers using one deployment. If there is any additional information I should provide, feel free to ask. Thank you.