-
Notifications
You must be signed in to change notification settings - Fork 827
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve the accessibility of k8s.io domains in China #325
Comments
Maybe a reference case: helm/helm#5663 |
Is the problem that IP blocks that exist in Google Cloud's customer space are blocked? Or is it that the things we redirect to are blocked? |
Take You can use https://www.17ce.com/site?lang=en_us to test what it's like when accessing a site in China. |
Unfortunately,I can't read anything in that site :)
If all of Google Cloud IPs are blocked, we will have to run
something somewhere that isn't. I don't think I see any other choice?
…On Wed, Oct 23, 2019 at 9:53 PM Yang Li ***@***.***> wrote:
Take git.k8s.io which redirects to github.com/kubernetes as an example,
it's Google Cloud was blocked, not GitHub.
You can use https://www.17ce.com/site?lang=en_us to test what it's like
when accessing a site in China.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#325?email_source=notifications&email_token=ABKWAVGSP6WXKW7MAWGYKOTQQES6HA5CNFSM4IIOPCW2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECDWHKA#issuecomment-545743784>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABKWAVCO4K3VX5GZ4NBLXYLQQES6HANCNFSM4IIOPCWQ>
.
|
Hmm, sorry, I was thinking maybe the English option will help. The check is done by requesting (GET, ping, traceroute, etc.) a host from different places in China, and you can see a map with availability after it's done. As said in the issue description, there're Google Cloud IPs not blocked, but I'm not quite sure about the details, the percentages may be different between regions. I understand this may be hard or annoying to find and change. Run something somewhere else is a choice but it also means more work :( |
If Google Cloud IPs are not blocked, what's going on?
If you run `curl -i git.k8s.io` what do you get?
…On Thu, Oct 24, 2019 at 6:33 PM Yang Li ***@***.***> wrote:
Hmm, sorry, I was thinking maybe the English option will help. The check
is done by requesting (GET, ping, traceroute, etc.) a host from different
places in China, and you can see a map with availability after it's done.
As said in the issue description, there're Google Cloud IPs not blocked,
but I'm not quite sure about the details, the percentages may be different
between regions. I understand this may be hard or annoying to find and
change.
Run something somewhere else is a choice but it also means more work :(
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#325?email_source=notifications&email_token=ABKWAVANO4AFHKNE5SUIST3QQJEH3A5CNFSM4IIOPCW2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECG425A#issuecomment-546164084>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABKWAVD7ELX4LG4Y6YYAVHDQQJEH3ANCNFSM4IIOPCWQ>
.
|
To be clear, what I meant was that not all Google Cloud IPs nor sites running on Google Cloud are blocked (e.g. one of services I maintain in Asia regions on GKE is not), but apparently I’m currently not in China but I guess the curl command will return timed out. |
I will give the results later. Not at the computer right now. |
With no discernable pattern or logic to the blocks, I don't know what else
to do, short of a mirror that runs elsewhere...
…On Thu, Oct 24, 2019 at 10:11 PM Yang Li ***@***.***> wrote:
To be clear, what I meant was that not all Google Cloud IPs nor sites
running on Google Cloud are blocked (e.g. one of services I maintain in
Asia regions on GKE is not), but apparently git.k8s.io are one of which
are blocked, also others like slack.k8s.io. This is somewhat common for
public cloud providers.
I’m currently not in China but I guess the curl command will return timed
out.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#325?email_source=notifications&email_token=ABKWAVASFFWEAGNF4S4W7KTQQJ5WRA5CNFSM4IIOPCW2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECHGM5Y#issuecomment-546203255>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABKWAVHMHO3MHK2FU2UYJZLQQJ5WRANCNFSM4IIOPCWQ>
.
|
Some other information:
|
Maybe you can visit this site to show the detail. http://ping.pe/git.k8s.io |
So you can resolve it our redirector but not actually get there.
As we're moving things to community-owned space, this redirector is one of
the targets. When we move it, we can try first setting up a branch in GCP
asia, which should rule out some issues. If that still doesn't fly, we'll
have to talk about in-country mirrors or something.
We're close to being able to do this - can it sit a little longer?
…On Thu, Oct 24, 2019 at 11:22 PM Jintao Zhang ***@***.***> wrote:
Maybe you can visit this site to show the detail.
http://ping.pe/git.k8s.io
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#325?email_source=notifications&email_token=ABKWAVGIGPQ5AXZRWSZHBTDQQKGDJA5CNFSM4IIOPCW2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECHKH6Q#issuecomment-546219002>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABKWAVCU446EXE3K4UO6UY3QQKGDJANCNFSM4IIOPCWQ>
.
|
Thanks. We can try it; In fact, according to our experience, sometimes IP bans rely on whitelist mode, and sometimes rely on blacklist mode. And there is no clear announcement rule. 🙃 |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle stale |
Hi everyone. :-) It looks like git.k8s.io is working (at least if I'm interpreting links you provided) now but slack.k8s.io is not. I'll try to read if there is any easy way we can help with this. Do anyone have more knowledge than few months back about how we can improve it? Bart |
I see |
I did some research and checked all
During testing Question also is if for Bart |
velodrome.k8s.io is down for the foreseeable future (ref: kubernetes/test-infra#16836) |
@spiffxp got it. Thank you for update |
@bartsmykla Hi Bart, thanks for your research and update! As far as I know, the block method of the Great Firewall is targeting on IPs in this case. It's just you're lucky or not to get an IP which not in the blocking rules (since a lot of Google's IPs are on the list). So hopefully this can be resolved when we moved all things from the old GCP project to the new one. What do we do if it's still on the blocking list after we move other stuff to the new infra? I wonder if we have other methods to address this. |
@idealhack the good thing is we can try to get other IP and if it won't work we can try use the fact the |
The only real answer is to run mirrors on other non-blocked services, for
which we will require owners to drive the work and administer the resulting
infra. And maybe credits, depending on the bill.
…On Tue, Mar 31, 2020 at 4:26 AM Bart Smykla ***@***.***> wrote:
@idealhack <https://github.com/idealhack> the good thing is we can try to
get other IP and if it won't work we can try use the fact the
redirect.k8s.io IP is currently not blocked so I'm sure we can figure
something out.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#325 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABKWAVABSRTXGBIB3EMS473RKHHMVANCNFSM4IIOPCWQ>
.
|
@idealhack as we are already moving slack-infra to the new infrastructure and are at the point where we deployed everything under https://slack-staging.k8s.io. The IP of slack-staging.k8s.io ( I did some testing using ping.pe (http://ping.pe/slack-staging.k8s.io) and it looks like the new IP address is not being blocked by the Great Firewall. |
It looks like gubernator.k8s.io and testgrid.k8s.io are now unaccessible though. |
We probably need to run a proxy server on non google IPs or better even within China. Happy to take a look, but not sure on timing. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle rotten |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/lifecycle frozen |
Hi, I was wondering if there is a solution for this other than forward proxying now? I noticed this issue hasn't been closed yet. |
This came up at Contributor Summit Shanghai in June, we then discussed it at the retro meeting and the sig-contribex APAC coordinator meeting.
Notes from the retro meeting:
So the important domains for contributors are
git.k8s.io
andslack.k8s.io
, while others may important to users.Can you help with this? There're IPs of Google Cloud not blocked, or maybe we could use CDN to improve the accessibility globally.
/sig contributor-experience
/priority important-longterm
cc @nikhita @jberkus
The text was updated successfully, but these errors were encountered: