尝试 ssh 连接时，Hashicorp 边界抛出无法通过 WebSocket 拨号

我可以使用以下命令成功验证自己的身份。

~ boundary authenticate password -login-name=jeff -password=foofoofoo -auth-method-id=ampw_5Aiqy1zvF5

Authentication information:
  Account ID:      apw_nDkJsApfym
  Auth Method ID:  ampw_5Aiqy1zvF5
  Expiration Time: Wed,10 Mar 2021 14:49:42 JST
  Token:
  at_p0itAjmn67_s12TzikoWGGZfA4vtNy17Za2jqYPhntRZgSt6fV1daQYReBR5Vmz52jFa5mZdy6kDmmkRerGngNK2RBpyUeuzcGoBTF7YiUohcmyRdngWdRbdT
  User ID:         u_mPihJkaNsc

但是，当我尝试使用 boundary connect ssh -target-id ttcp_bNARIi1qIZ 连接到目标实例时，出现以下错误。

Error dialing the worker: Failed to WebSocket dial: Failed to send handshake request: Get "https://boundary.dev.mydomain.cloud:9202/v1/proxy": dial tcp 10.0.16.28:9202: connect: operation timed out
kex_exchange_identification: read: Connection reset by peer
What should I check to handle this problem?

我的controller.hcl如下。

disable_mlock = true

controller {
    name = "kubernetes-controller"
    description = "A controller for a kubernetes demo!"
    database {
        url = "env://BOUNDARY_PG_URL"
    }
    public_cluster_addr = "boundary.boundary.svc.cluster.local:9201"
}

listener "tcp" {
    address = "0.0.0.0"
    purpose = "api"
    tls_disable = true
}
listener "tcp" {
    address = "0.0.0.0"
    purpose = "cluster"
    tls_disable = true
}

kms "aead" {
    purpose = "root"
    aead_type = "aes-gcm"
    key = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
    key_id = "global_root"
}
kms "aead" {
    purpose = "worker-auth"
    aead_type = "aes-gcm"
    key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id = "global_worker-auth"
}
kms "aead" {
    purpose = "recovery"
    aead_type = "aes-gcm"
    key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id = "global_recovery"
}

我的worker.hcl如下。

disable_mlock = true
worker {
    # Name should be unique across workers
    name = "kubernetes-boundary-worker"
    description = "Boundary worker running in k8s"
    controllers = ["boundary.boundary.svc.cluster.local:9201"]
    public_addr = "boundary.dev.mydomain.cloud"
}
listener "tcp" {
    address = "0.0.0.0"
    purpose = "proxy"
    tls_disable = true
}
kms "aead" {
    purpose = "root"
    aead_type = "aes-gcm"
    key = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
    key_id = "global_root"
}
kms "aead" {
    purpose = "worker-auth"
    aead_type = "aes-gcm"
    key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id = "global_worker-auth"
}
kms "aead" {
    purpose = "recovery"
    aead_type = "aes-gcm"
    key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id = "global_recovery"
}

有关其他信息，我使用 kubernetes 作为 istio。我使用一种部署在不同的容器上分别部署了工作线程和控制器。如果我应该提供其他信息，请随时询问。谢谢。

解决方法

暂无找到可以解决该程序问题的有效方法，小编努力寻找整理中！

如果你已经找到好的解决方法，欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@）