Here we are. Single pod netmaker deployment for Kubernetes. It appears to work for me now. But It's also my first time trying netmaker 😧 . I'm sure there are improvements to be made. As long as you have domains and a working ingress you can spin this up https://github.com/geragcp/netmaker-k3s

Dope will check out in AM

Honestly just resorted back to simple docket

Will keep trying dakube tho. The scalability is cool

Hi all, I'm trying to create a cluster using kubeadm and calico with a master (

192.168.100.2

) and a worker (

192.168.100.3

). Master is in

Ready

state but calico-node pod on worker errors:

Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: i/o timeout

So apparently if outbound traffic can be redirected for

10.96.0.1:443

to

192.168.100.2:6443

(kubeapi-server), it will work. I tried on worker:

iptables -t nat -A OUTPUT -p tcp -d 10.96.0.1 --dport 443 -j DNAT --to-destination 192.168.100.2:6443

But it doesn't work; I can

curl -k https://192.168.100.2:6443

but not

curl -k https://10.96.0.1:443

. Can I use any Wireguard or Netmaker feature to implement the redirection?

this is cool! gonna add it to the community projects in the next release

im not sure I understand your setup. Is Netmaker already deployed here? If so, which address is the netclient? Is it deployed on the host or as a container? Is it being used as an egress gateway?

Thanks @jolly-london-20127. Yes Netmaker is already installed as dedicated VM on cloud. it's at

api.vpn.mydomain.com:443

. I'm new to Netmaker and unsure of ingress and egress. these are my clients (except netmaker-01, which is Netmaker server)

Are any of your nodes in a local subnet that overlaps with 192.168.100.0/24? If so, this would definitely be an issue. I usually stay away from using 192.168.x.x. as a range for the network.

actually based on your messages it sounds lke that is not the issue

so 10.96.0.0/16 is the pod network run by calico?

yes, similar. it's service network CIDR. 10.96.0.1 is the default kubernetes (aka kube-apiserver) service. And no, there shouldn't be subnet overlap

Ok, I am not sure how you have configured calico, but typically there are a few settings to make sure it runs traffic over the wireguard interface. Did you configure that?

No, I didn't do anything extra other than straight

kubectl create -f https://docs.projectcalico.org/manifests/calico.yaml

. I saw this though https://projectcalico.docs.tigera.io/security/encrypt-cluster-pod-traffic. Got confused whether it'd cause conflict with Netmaker settings.

Ahhh yes I would guess by default it won’t work without modification. The encryption part should not be an issue but you do need to specify the interface for traffic

I used IP autodection method=interface=nm-tc-net, or can_reach=192.168.100.2. Thanks for all useful inputs. I'll get back after trying calico config. I'll try without encryptionpart. that was confusing

is my expectation correct, that i could run a network within a cluster through netmaker and pods connected to the server either one or the other way? this leads me to the follow up question on how would i approach this?

K8s networking

@here for those doing K8S, the templates and helm charts have (finally!!) been updated from 0.9.4 to 0.14.5. You can now deploy the latest HA to K8S using the helm charts again. There's also an updated step-by-step installation process in the main repo. I went off of some of @white-piano-73111 's work so big thanks to him. In addition, there's a new Netclient daemonset in the main repo that will work for deploying clients to a cluster: https://github.com/gravitl/netmaker-helm https://github.com/gravitl/netmaker/tree/master/k8s/server https://github.com/gravitl/netmaker/blob/master/k8s/client/netclient-daemonset.yaml

I'm not 100% sure what is meant by this, in the requirements section: - By default, MQ is deployed with a NodePort, and DNS (in particular this) must point to this NodePort - If deploying with default settings, you must (and this) modify the cluster load balancer so that it will load balancer 31883 --> 31883

I set up NetMaker with the manifest files (v0.15.0), and every thing seems to be fine. Except I can only reach the ingress node as client and I'm also having som serious issues getting Netclient up and running. With errors like: "daemon restart failed failed to find pid could not read pid file open /var/run/netclient.pid: no such file or directory" and "sudo netclient leave -n wg-vnet [netclient] 2022-09-06 21:29:10 network: wg-vnet unable to authenticate: Post "https://api.nm.xxxxx.xxx:443/api/nodes/adm/wg-vnet/authenticate": dial tcp: lookup api.nm.xxxxx.xxx on 127.0.0.53:53: server misbehaving" I assume that it might be DNS, mosquitto misconfiguration? (I deployed on an existing k3s cluster, without Wireguard kernel)

I set up NetMaker with the manifest

@jolly-london-20127 any ETA on 0.15.1 with the issues fixed? Also, how do I upgrade from 0.14.6 to 0.15.1?

Hello everyone, I have installed netmaker with the helm chart on my kube cluster and I want to know how I can map some of my service in the netmaker network ? I try to set network range to a range where I have an exposed server but It’s not detected, I deduce it’s two separate network. Thank you for you help 😄

Hello everyone, I'm trying to deploy a DaemonSet on kube but when I deploy it, I have this log error. But I don't understand how I can fix it ? I provide the right token in DaemonSet file

{
  "apiconnstring": "api.nm.XX.XX:443",
  "network": "scw-k8s",
  "key": "XXXXXXXXXXXXX",
  "localrange": ""
}

Thank you for your help !

[netclient] joining network
3
2022/09/30 08:03:31 running userspace WireGuard with wireguard-go
2
2022/09/30 08:03:31 no server address provided
1
Failed to join, quitting.

Is it possible to use netmaker as a kubernetes ingress? I have a netmaker server on a vps in the cloud so far

I was thinking I could redirect all traffic on ports 443/80 to the ip address for the vip of the ingress for my cluster via an egress gateway

But to reach netmaker then i'd have to route back through wiregaurd

Is it possible to use netmaker as a

Anyone going to KubeCon next week? If so, drop me a message!