1

我可以使用以下命令成功验证自己。

~ boundary authenticate password -login-name=jeff -password=foofoofoo -auth-method-id=ampw_5Aiqy1zvF5

Authentication information:
  Account ID:      apw_nDkJsApfym
  Auth Method ID:  ampw_5Aiqy1zvF5
  Expiration Time: Wed, 10 Mar 2021 14:49:42 JST
  Token:
  at_p0itAjmn67_s12TzikoWGGZfA4vtNy17Za2jqYPhntRZgSt6fV1daQYReBR5Vmz52jFa5mZdy6kDmmkRerGngNK2RBpyUeuzcGoBTF7YiUohcmyRdngWdRbdT
  User ID:         u_mPihJkaNsc

但是,当我尝试使用 连接到目标实例boundary connect ssh -target-id ttcp_bNARIi1qIZ时,出现以下错误。

Error dialing the worker: failed to WebSocket dial: failed to send handshake request: Get "https://boundary.dev.mydomain.cloud:9202/v1/proxy": dial tcp 10.0.16.28:9202: connect: operation timed out
kex_exchange_identification: read: Connection reset by peer
What should I check to handle this problem?

controller.hcl的如下。

disable_mlock = true

controller {
    name = "kubernetes-controller"
    description = "A controller for a kubernetes demo!"
    database {
        url = "env://BOUNDARY_PG_URL"
    }
    public_cluster_addr = "boundary.boundary.svc.cluster.local:9201"
}

listener "tcp" {
    address = "0.0.0.0"
    purpose = "api"
    tls_disable = true
}
listener "tcp" {
    address = "0.0.0.0"
    purpose = "cluster"
    tls_disable = true
}

kms "aead" {
    purpose = "root"
    aead_type = "aes-gcm"
    key = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
    key_id = "global_root"
}
kms "aead" {
    purpose = "worker-auth"
    aead_type = "aes-gcm"
    key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id = "global_worker-auth"
}
kms "aead" {
    purpose = "recovery"
    aead_type = "aes-gcm"
    key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id = "global_recovery"
}

worker.hcl的如下。

disable_mlock = true
worker {
    # Name should be unique across workers
    name = "kubernetes-boundary-worker"
    description = "Boundary worker running in k8s"
    controllers = ["boundary.boundary.svc.cluster.local:9201"]
    public_addr = "boundary.dev.mydomain.cloud"
}
listener "tcp" {
    address = "0.0.0.0"
    purpose = "proxy"
    tls_disable = true
}
kms "aead" {
    purpose = "root"
    aead_type = "aes-gcm"
    key = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
    key_id = "global_root"
}
kms "aead" {
    purpose = "worker-auth"
    aead_type = "aes-gcm"
    key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id = "global_worker-auth"
}
kms "aead" {
    purpose = "recovery"
    aead_type = "aes-gcm"
    key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id = "global_recovery"
}

有关更多信息,我将 kubernetes 用作 istio。我使用一个部署将工作人员和控制器分别部署在不同的容器上。如果我应该提供其他信息,请随时询问。谢谢。

4

0 回答 0