Bug: HTTP Proxy server not contactable when running as K8S deployment/service #2685

Closed
riazkarim opened this issue Feb 3, 2025 · 5 comments


Is this urgent?

None

Host OS

K8S

CPU arch

None

VPN service provider

NordVPN

What are you using to run the container

Kubernetes

What is the version of Gluetun

Running version latest built on 2025-01-22T08:30:14.628Z (commit 13532c8)

What's the problem 🤔

Hi, I'm running gluetun in K8S on EKS, and exposed the pod as a service using the below. But I'm unable to connect to it from another pod in the cluster.

Exec-ing into the pod and running some commands:

ping google.com

ping: bad address 'google.com'

ping 74.125.195.102

PING 74.125.195.102 (74.125.195.102): 56 data bytes
64 bytes from 74.125.195.102: seq=0 ttl=106 time=174.680 ms

This tells me that DNS may not be working from within the gluetun pod. A simple http-echo server that I created in the cluster is accessible from other pods. My services look as follows:

NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)             AGE
gluetun-us   ClusterIP   172.20.119.59   <none>        8888/TCP,8388/TCP   10m

Share your logs (at least 10 lines)

2025-02-03T15:48:57Z INFO [routing] default route found: interface eth0, gateway 169.254.1.1, assigned IP 10.0.47.117 and family v4
2025-02-03T15:48:57Z INFO [routing] adding route for 0.0.0.0/0
2025-02-03T15:48:57Z INFO [firewall] setting allowed subnets...
2025-02-03T15:48:57Z INFO [routing] default route found: interface eth0, gateway 169.254.1.1, assigned IP 10.0.47.117 and family v4
2025-02-03T15:48:57Z INFO [dns] using plaintext DNS at address 1.1.1.1
2025-02-03T15:48:57Z INFO [http server] http server listening on [::]:8000
2025-02-03T15:48:57Z INFO [healthcheck] listening on 127.0.0.1:9999
2025-02-03T15:48:57Z INFO [http proxy] listening on :8888
2025-02-03T15:48:57Z INFO [shadowsocks] listening TCP on [::]:8388
2025-02-03T15:48:57Z INFO [shadowsocks] listening UDP on [::]:8388
2025-02-03T15:48:57Z INFO [firewall] allowing VPN connection...
2025-02-03T15:48:57Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2025-02-03T15:48:57Z INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2025-02-03T15:48:57Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]107.175.105.211:1194
2025-02-03T15:48:57Z INFO [openvpn] UDPv4 link local: (not bound)
2025-02-03T15:48:57Z INFO [openvpn] UDPv4 link remote: [AF_INET]107.175.105.211:1194
2025-02-03T15:48:57Z INFO [openvpn] [us6266.nordvpn.com] Peer Connection Initiated with [AF_INET]107.175.105.211:1194
2025-02-03T15:48:58Z INFO [openvpn] TUN/TAP device tun0 opened
2025-02-03T15:48:58Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2025-02-03T15:48:58Z INFO [openvpn] /sbin/ip link set dev tun0 up
2025-02-03T15:48:58Z INFO [openvpn] /sbin/ip addr add dev tun0 10.100.0.2/16
2025-02-03T15:48:58Z INFO [openvpn] UID set to nonrootuser
2025-02-03T15:48:58Z INFO [openvpn] Initialization Sequence Completed
2025-02-03T15:48:58Z INFO [dns] downloading hostnames and IP block lists
2025-02-03T15:48:59Z INFO [healthcheck] healthy!
2025-02-03T15:49:01Z INFO [dns] DNS server listening on [::]:53
2025-02-03T15:49:02Z INFO [dns] ready
2025-02-03T15:49:04Z INFO [ip getter] Public IP address is 107.175.102.44 (United States, New York, Buffalo - source: ipinfo)

Share your configuration

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2025-02-03T15:37:29Z"
  name: gluetun-us
  namespace: default
  resourceVersion: "1596835"
  uid: 0fc2b7c4-b239-4553-9e59-6267cbc20110
spec:
  clusterIP: 172.20.119.59
  clusterIPs:
  - 172.20.119.59
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: proxy
    port: 8888
    protocol: TCP
    targetPort: 8888
  - name: socks
    port: 8388
    protocol: TCP
    targetPort: 8388
  selector:
    app: gluetun-us
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

github-actions bot commented Feb 3, 2025

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:


riazkarim commented Feb 3, 2025

Additional info: running this example in my K8S cluster does not work. The main pod can never reach the AWS check IP URL.

https://blog.cetinich.net/content/2024/initContainers-stuck-in-PodInitializing/

curl: (6) Could not resolve host: checkip.amazonaws.com

I'm running on EKS, K8S Version 1.31

@amrmostafa800

I had the same error and fixed it with the following (it looks like the port is not open in the firewall):

        - name: FIREWALL_INPUT_PORTS
          value: "10095,8888"

Sorry for my bad English.
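A pre-deploy check for the mismatch discussed above, added here as an example and not part of the thread or of gluetun itself. It assumes, based on the fix in this thread, that a Service port reaches the pod only when its target port is listed in `FIREWALL_INPUT_PORTS`; the function names and the container specs are constructed, and the Service ports are the ones from this issue.

```python
"""Lint: each Service targetPort should be listed in FIREWALL_INPUT_PORTS."""

# Objects shaped like `kubectl get -o json` output (trimmed to the fields used).
SERVICE = {"spec": {"ports": [  # ports copied from the Service in this issue
    {"name": "proxy", "port": 8888, "targetPort": 8888},
    {"name": "socks", "port": 8388, "targetPort": 8388},
]}}
# Constructed container specs: without the variable, and with the value
# posted in the thread.
BEFORE = {"name": "gluetun", "env": []}
AFTER = {"name": "gluetun", "env": [
    {"name": "FIREWALL_INPUT_PORTS", "value": "10095,8888"},
]}

def firewall_input_ports(container):
    """Parse the comma-separated FIREWALL_INPUT_PORTS value into a set of ints."""
    for env in container.get("env", []):
        if env.get("name") == "FIREWALL_INPUT_PORTS":
            return {int(p) for p in env.get("value", "").split(",") if p.strip()}
    return set()

def target_ports(service, container):
    """Map Service port names to target port numbers, resolving named targets."""
    named = {p["name"]: p["containerPort"]
             for p in container.get("ports", []) if "name" in p}
    resolved = {}
    for p in service["spec"]["ports"]:
        target = p.get("targetPort", p["port"])  # targetPort defaults to port
        resolved[p.get("name", str(p["port"]))] = named.get(target, target)
    return resolved

def audit(service, container):
    """Return (blocked, unexposed): Service ports missing from the firewall
    list, and firewall openings that no Service port uses."""
    allowed = firewall_input_ports(container)
    wanted = target_ports(service, container)
    blocked = {name: port for name, port in wanted.items() if port not in allowed}
    unexposed = sorted(allowed - set(wanted.values()))
    return blocked, unexposed

if __name__ == "__main__":
    for label, spec in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(SERVICE, spec))
```

The second element of the result lists firewall openings with no matching Service port, which is worth reviewing so the inbound allow-list stays as narrow as the exposed services.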

@riazkarim

I love you. That worked. Thank you!


github-actions bot commented Feb 4, 2025

Closed issues are NOT monitored, so commenting here is likely not to be seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.
