cloudflared: kubectl tunnel not working

Hi,

I’ve been trying to set up an Argo tunnel for exposing my Kube API, but apparently the socks5 solution is not working out for me.

This is the command I run on my kube host (origin):

cloudflared tunnel --hostname k8s.my-domain.com --url tcp://127.0.0.1:6443 --socks5=true

It runs fine. This is what I run in the client:

cloudflared access tcp --hostname k8s.my-domain.com --url 127.0.0.1:1234

Then, when I try to run kubectl with the SOCKS5 proxy in the client, this is what I get in the origin logs:

2021-03-14T19:01:53Z ERR 127.0.0.1:6443 is not a http service
2021-03-14T19:01:53Z ERR CF-RAY: 62ffc0d37f87d45f-HAM Proxying to ingress 0 error: Not a http service

A curl/kubectl to 127.0.0.1:6443 from within the origin works perfectly fine.

I’m using k3s with kubectl v.1.15.5.

I’ve set all possible log levels to debug but couldn’t find any meaningful information.

Thanks for any help!

About this issue

  • State: open
  • Created 3 years ago
  • Comments: 16 (5 by maintainers)

Most upvoted comments

@chungthuang if I do that, then there’s a problem with the TLS handshake:

error="remote error: tls: handshake failure"

From what I understood from the Cloudflare documentation, the idea of using socks5 is exactly to avoid having the TLS handshake issue.

This is the excerpt from the documentation:

The proxy allows your local kubectl tool to connect to cloudflared via a SOCKS5 proxy, which helps avoid issues with TLS handshakes to the cluster itself. In this model, TLS verification can still be exchanged with the kubectl API server without disabling or modifying that flow for end users.