No access to Kubernetes service via ziti router

Support
1

I have a Kubernetes cluster based on AKS v. 1.30.7 and I follow the documentation from here. I have done everything as per the document except for the hostname, which is “hello.ziti”. There is a Ziti Controller and a Ziti Router in the same cluster. I use Ziti Desktop Edge for Windows 11 to connect to the network. When I try to connect to the hello service, the connection times out.

$ curl -vvv hello.ziti
21:21:32.602862 [0-x] == Info: [READ] client_reset, clear readers
21:21:32.623772 [0-0] == Info: Host hello.ziti:80 was resolved.
21:21:32.629739 [0-0] == Info: IPv6: (none)
21:21:32.634410 [0-0] == Info: IPv4: 100.64.0.8
21:21:32.639093 [0-0] == Info: [SETUP] added
21:21:32.643017 [0-0] == Info:   Trying 100.64.0.8:80...
21:21:53.675895 [0-0] == Info: connect to 100.64.0.8 port 80 from 0.0.0.0 port 55664 failed: Timed out
21:21:53.694357 [0-0] == Info: Failed to connect to hello.ziti port 80 after 21071 ms: Could not connect to server
21:21:53.715877 [0-0] == Info: [WRITE] cw-out done
21:21:53.725601 [0-0] == Info: closing connection #0
21:21:53.735659 [0-0] == Info: [SETUP] close
21:21:53.745800 [0-0] == Info: [SETUP] destroy
curl: (28) Failed to connect to hello.ziti port 80 after 21071 ms: Could not connect to server

Please help.

2

Hi @kinseii, welcome to the community and to OpenZiti. There are numerous reasons that can cause this problem. The first thing to do will be to look at all the logs.

Look at the ziti desktop edge logs first. There's usually some clear log with the reason in there. Then look at the controller and router logs during the time you try to connect. There are oven useful logs in there. Finally look at the offloading identity logs (often this is the same set of logs if using the router to offload traffic as a tunneler).

Have a look at those logs and follow up with any errors that seem relevant

4

Hi, thanx for reply!

I have that in Ziti Desktop Client logs:

ERROR ziti-sdk:connect.c:1071 connect_reply_cb() conn[1.9/R9czpJaH/Connecting](hello-service)
failed to connect, reason=service 6Nq7sqdJKaXJwWDI6iNL3M has no terminators
5

Thanks guys, everything worked, it was my own fault, I should have specified in the helm: tunnel.mode: host.