
What is hcp-tunnelfront?


I have just installed my Kubernetes cluster on Azure using AKS. I have not installed anything and I noticed that the 'tunnelfront' pod was running:

tunnelfront

I have tried to find out what this pod is for and why it is running on my cluster, but I cannot find any reason for it being there. I used kubectl to describe the pod:

Name:           tunnelfront-597b4868b8-8rz4w
Namespace:      kube-system
Node:           aks-agentpool-22029027-0/10.240.0.5
Start Time:     Mon, 07 May 2018 19:51:22 +0200
Labels:         component=tunnel
                pod-template-hash=1536042464
Annotations:    kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"kube-system","name":"tunnelfront-597b4868b8","uid":"d46dab68-449e-11e8-961c-0a58a...
Status:         Running
IP:             10.244.1.72
Controlled By:  ReplicaSet/tunnelfront-597b4868b8
Containers:
  tunnel-front:
    Container ID:   docker://a69b8d6dcaef7253d41d44fbd57fd776a0dfbf70dbbbb8303a691bebab169c26
    Image:          dockerio.azureedge.net/deis/hcp-tunnel-front:v1.9.2-v3.0.3
    Image ID:       docker-pullable://dockerio.azureedge.net/deis/hcp-tunnel-front@sha256:378db6f97778c6d86de94f72573a97975cd7b5ff6f1f02c1618616329fd94f1f
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Tue, 15 May 2018 09:40:10 +0200
    Last State:     Terminated
      Reason:       Error
      Exit Code:    137
      Started:      Mon, 07 May 2018 19:56:15 +0200
      Finished:     Tue, 15 May 2018 09:40:09 +0200
    Ready:          True
    Restart Count:  1
    Liveness:       exec [/lib/tunnel-front/check-tunnel-connection.sh] delay=10s timeout=1s period=10s #success=1 #failure=12
    Environment:
      OVERRIDE_TUNNEL_SERVER_NAME:  t_XXXXXX-66f17513.hcp.westeurope.azmk8s.io
      KUBE_CONFIG:                  /etc/kubernetes/kubeconfig/kubeconfig
    Mounts:
      /etc/kubernetes/certs from certificates (ro)
      /etc/kubernetes/kubeconfig from kubeconfig (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-xkj92 (ro)
Conditions:
  Type           Status
  Initialized    True
  Ready          True
  PodScheduled   True
Volumes:
  kubeconfig:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/kubelet
    HostPathType:
  certificates:
    Type:          HostPath (bare host directory volume)
    Path:          /etc/kubernetes/certs
    HostPathType:
  default-token-xkj92:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-xkj92
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  beta.kubernetes.io/os=linux
Tolerations:     node.alpha.kubernetes.io/notReady:NoExecute for 300s
                 node.alpha.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age               From                               Message
  ----     ------     ----              ----                               -------
  Warning  Unhealthy  1m (x54 over 7d)  kubelet, aks-agentpool-22029027-0  Liveness probe failed:

I can see that the image is from Deis, but I have not installed Helm or any such tool. What is TunnelFront? And do I need it?


Solution

  • tunnelfront is an AKS system component that's installed on every cluster that helps to facilitate secure communication from your hosted Kubernetes control plane and your nodes. It's needed for certain operations like kubectl exec, and will be redeployed to your cluster on version upgrades (note that the tunnelfront version matches the cluster version).

    If you run into problems with tunnelfront, please do file an issue on https://github.com/Azure/AKS/issues
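As an added example (not part of the original question or answer), this Python script pulls from `kubectl describe pod` output the fields worth checking when an unfamiliar pod appears in kube-system: its owner, image registry, hostPath mounts, and the signal behind a restart. The SAMPLE text is abridged from the output in the question; the function names field and triage are this example's own.

```python
import re

# Abridged copy of the `kubectl describe pod` output quoted in the question.
SAMPLE = """\
Name:           tunnelfront-597b4868b8-8rz4w
Namespace:      kube-system
Controlled By:  ReplicaSet/tunnelfront-597b4868b8
Containers:
  tunnel-front:
    Image:          dockerio.azureedge.net/deis/hcp-tunnel-front:v1.9.2-v3.0.3
    Last State:     Terminated
      Reason:       Error
      Exit Code:    137
Volumes:
  kubeconfig:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/kubelet
  certificates:
    Type:          HostPath (bare host directory volume)
    Path:          /etc/kubernetes/certs
  default-token-xkj92:
    Type:        Secret (a volume populated by a Secret)
"""

def field(text, key):
    """Return the first value of a 'Key:   value' line, or None."""
    m = re.search(rf"^\s*{re.escape(key)}:[ \t]+(\S.*)$", text, re.M)
    return m.group(1).strip() if m else None

def triage(text):
    """Collect the facts that identify who runs a pod and what it can touch."""
    # A volume is '  name:' followed by '    Type: HostPath ...' and '    Path: ...'.
    host_paths = dict(re.findall(
        r"^  (\S+):\n\s+Type:\s+HostPath[^\n]*\n\s+Path:\s+(\S+)", text, re.M))
    code = field(text, "Exit Code")
    # Exit codes above 128 mean the process died from signal (code - 128).
    signal = int(code) - 128 if code and int(code) > 128 else None
    image = field(text, "Image")
    return {
        "namespace": field(text, "Namespace"),
        "owner": field(text, "Controlled By"),
        "registry": image.split("/")[0] if image else None,
        "host_paths": host_paths,
        "killed_by_signal": signal,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the pod in the question this reports a ReplicaSet-owned pod in kube-system with two hostPath mounts, and decodes exit code 137 as signal 9 (SIGKILL).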