k3s
  • w

    wide-author-88664

    12/09/2022, 5:26 PM
    Good day K3S folk — question about install option; can I pass the --tls-san option more than once if I want to add both an IP and a DNS name as SANs, or does the --tls-san option accept multiple values (and, how to specify multiple values then?)
  • w

    wide-author-88664

    12/09/2022, 5:26 PM
    Docs don’t speak to this…
  • l

    limited-accountant-71118

    12/12/2022, 9:57 AM
    Hello k3s-community I have a single node k3s installation and noticed that ports 6443 and 10250 are open from the outside. How can I add iptables rules in order to close these ports from the outside? When I run iptables -L I see a plethora of rules but have no idea where and how these are configured and thus how to add a couple of them. I am using k3s-selinux-1.2-2.el8.noarch Regards Hans
  • a

    abundant-camera-87627

    12/12/2022, 10:44 AM
    Is there a way to troubleshoot entries (with verbose logging) in /etc/rancher/k3s/registries.yaml? I've entered several entries, but it looks like none of them are being honored. I have entries as follows:
    mirrors:
      "docker.io":
        endpoint:
          - "https://registry.<fqdn>"
        rewrite:
          "(.*)": "library/docker.io/$1"
    However pods are not coming up with the following errors:
    Failed to pull image "docker.io/bitnami/sealed-secrets-controller:v0.18.1": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/bitnami/sealed-secrets-controller:v0.18.1": failed to resolve reference "docker.io/bitnami/sealed-secrets-controller:v0.18.1": failed to do request: Head "https://registry-1.docker.io/v2/library/docker.io/bitnami/sealed-secrets-controller/manifests/v0.18.1": dial tcp 44.205.64.79:443: connect: no route to host
    Similarly, k3s ctr image pull docker.io/bitnami/sealed-secrets-controller:v0.18.1 returns the same error.
  • a

    average-night-25048

    12/12/2022, 4:49 PM
    Hi Team, I'm pretty new with helm and k3s, I'm using jenkins pipeline to handle the deployment to 3 of my servers (dev, test, prod) based on some conditions inside the pipeline, I was making this with docker using its exposed api from each server, now I'm trying to do this with helm, install the chart in one of those servers, based on the same condition in my pipeline, is there any way to achieve this? Hope I made myself clear 😅
  • h

    helpful-window-37061

    12/17/2022, 7:03 AM
    Hi there. I'm having difficulty with getting Multus CNI working with k3s and Cilium, but I don't know if I should be asking about it here or Cilium slack or where?
  • r

    red-daybreak-12301

    12/18/2022, 12:11 AM
    Hello there 👋 How can one install a custom CNI if starting k3s without flannel (default CNI) doesn't let you start any pod because of a missing CNI (chicken and egg problem)?
  • a

    alert-refrigerator-93230

    12/18/2022, 2:02 AM
    Is there a decent guide on getting k3s set up on 2 hosts running multiple agents in docker?
  • m

    microscopic-exabyte-68097

    12/18/2022, 9:16 PM
    Hi team, can someone please help me with the question I have in this to a thread
  • i

    icy-finland-84263

    12/18/2022, 9:32 PM
    Hi, I’ve got a scenario where I need to authenticate with a repository to grab helm charts from using the HelmChart CRD. I came across a chat from this channel via google (link) which is pretty much my exact problem, I was interested to know if this ever went anywhere? Any info would be greatly appreciated!
  • s

    shy-shampoo-22224

    12/19/2022, 4:56 PM
    When backing up k3s running against an external SQL DB, do you also need to back up files in the datadir? Certs or anything
  • b

    bright-london-1095

    12/20/2022, 1:57 PM
    Hi, I'm getting this error sometimes and traefik won't be serving traffic, resulting in 502 bad gateway. Has anyone faced this issue?
    k3s: v1.22.8
    echo 'Installing helm_v3 chart'
    helm_v3 install --set-string global.systemDefaultRegistry= traefik https://10.43.0.1:443/static/charts/traefik-10.14.100.tgz --values /config/values-01_HelmChart.yaml --values /config/values-10_HelmChartConfig.yaml
    Error: INSTALLATION FAILED: cannot re-use a name that is still in use
  • i

    important-tomato-46085

    12/21/2022, 4:15 AM
    Howdy, using the local-path-provisioner, is it possible to create an additional storageclass to write to other volumes/disk locations on the nodes? I have some auxiliary "fast" disks that could be useful for certain applications and wondering how to best use them in a k3s environment.
  • s

    square-coat-44873

    12/21/2022, 4:21 PM
    Hi, I installed k3s with 1 server and 3 agent nodes. I noticed k3s is using containerd by default. How do I list the containers running on any given node (server or agents)? I had posted this same question on stackoverflow but am not getting anywhere: https://stackoverflow.com/questions/73941545/where-are-my-container-images-when-running-kubernetes-with-containerd
  • s

    square-coat-44873

    12/21/2022, 10:56 PM
    Hi, to upgrade k3s, this page says I can just run
    curl -sfL https://get.k3s.io | sh -
    Do I run this on each k3s server (master)? on each agent (worker)? Does this upgrade the underlying version of k8s as well (and all of the underlying tools, i.e. containerd, runc, …)? https://docs.k3s.io/upgrades/manual#upgrade-k3s-using-the-installation-script
  • a

    able-mechanic-45652

    12/22/2022, 6:12 AM
    Hi, installation of k3s with selinux enabled does not seem to work, it seems to loop with logs showing "SELinux is preventing /pause from read access on the file /pause"
  • c

    curved-army-69172

    12/22/2022, 9:00 AM
    Hi all, I have k3s clusters (1.24.8) deployed via Rancher (2.6.9) on Openstack (via the openstack-cloud-controller-manager). Now on 3 clusters the Octavia based loadbalancer for the traefik ingress controller died and got deleted by k3s. The "traefik" service is gone and the traefik deployment (pod) says so in its log... Is there a way to bring it back?
  • c

    curved-army-69172

    12/22/2022, 9:07 AM
    I guess internally it's based on some helm install job - not sure if it's possible to run that again?
  • c

    curved-army-69172

    12/22/2022, 10:44 AM
    OK, not sure if this is the "cleanest" way, but I downloaded the spec for the batch job "helm-install-traefik", deleted the old job, deleted the managedFiles, status and the UIDs and did "kubectl apply" - while this gave a few warnings / errors it created a fresh LB service (which in turn creates the octavia based LB in Openstack) - and for now everything seems to work ...
  • a

    acoustic-sunset-13848

    12/22/2022, 1:40 PM
    I am attempting to have pods with multiple network interfaces. For this I am using Multus and Flannel. The issue is that if I add multiple networks on the pod, they all come up in the same subnet. It looks like I should be able to create multiple flannel vxlans by running multiple flannel DS with a separate config. Is this the best way to accomplish multiple networks? Is there an example of this somewhere?
  • b

    brainy-action-93740

    12/22/2022, 10:30 PM
    Anyone else experiencing disconnects/timeouts when applying new custom resource definitions to a k3s single node cluster? I just wonder if it is normal. I can get around it by probing the kubernetes api URL until it works again.
  • h

    hallowed-student-81622

    12/23/2022, 4:38 PM
    Installing the k3s agent machine here, but want to keep firewalld running. Based on documentation and a hunch, would this be enough? Or too much? Would all communication be on the flannel interface or should I allow these ports on eth0 interface instead?
    sudo firewall-cmd --zone=trusted --add-interface=flannel.1 --permanent
    sudo firewall-cmd --zone=trusted --add-masquerade --permanent
    sudo firewall-cmd --zone=trusted --add-port=6443/tcp --permanent
    sudo firewall-cmd --zone=trusted --add-port=10250/tcp --permanent
    sudo firewall-cmd --zone=trusted --add-port=8472/udp --permanent
    sudo firewall-cmd --zone=trusted --add-port=51820/udp --permanent
    sudo firewall-cmd --zone=trusted --add-port=51821/udp --permanent
    sudo firewall-cmd --reload
  • w

    wonderful-appointment-6480

    12/24/2022, 8:09 AM
    Anyone successfully running longhorn with k3s in an etcd setup with multiple master nodes?
  • g

    gray-river-53365

    12/25/2022, 8:09 PM
    Hello, is there a way to edit HA stuff like ‘pod-eviction-timeout’ or ‘node-monitor-grace-period’?
  • p

    plain-dress-30909

    12/27/2022, 7:31 AM
    Hi, sometimes there is a delay (about 1~10 minutes) in applying network policy to new Pods in my k3s cluster (they run v1.25.4+k3s1). How can I fix/research this?
  • c

    colossal-action-96650

    12/27/2022, 3:44 PM
    Hello, Background: 13 node bare-metal Raspberry Pi 4 based cluster, 1 master, 12 workers. Running K3s v1.24.8+k3s1 for compatibility with Rancher management UI. I’m doing this to learn Kubernetes. I’m trying to add 2 more master nodes. After working through various goofs of my own (failed to match K3s version and launching with the same flags as the original master), I believe I got all of that straightened out. The respective .service files indicate as such, anyway. However, when I attempt to add these 2 nodes as master, I get the following error in the logs:
    2477 authentication.go:63] "Unable to authenticate the request" err="[invalid bearer token, [invalid bearer token, square/go-jose: error in cryptographic primitive]]"
    And, they never show up in the output of kubectl get nodes
    I’ve Googled that error and find many bug reports, posts, etc. but no definitive answer or solution. I’ve wiped out these new nodes and started fresh, but still get the same error. Any advice would be appreciated.
  • w

    witty-pharmacist-4169

    12/28/2022, 4:37 AM
    Is there something I need to do in order to allow the traefik ingress manager to function properly with a stock install? I've deployed several helm charts I've used before on cloud provided Kubernetes, and it always works properly. Now when I deploy it to my fresh k3s cluster with one node, it gives me Bad Gateway and nothing else. I deployed an Ubuntu pod to test things out, and the service it's trying to connect to functions properly and I get the output from the pod while curl'ing the service DNS. It really feels like an issue between the ingress and the service. When I deploy an ingress with Helm it gives me the following errors within the Traefik pod.
    time="2022-12-28T03:08:21Z" level=error msg="Skipping service: no endpoints found" providerName=kubernetes serviceName=test servicePort="&ServiceBackendPort{Name:,Number:80,}" ingress=test namespace=default
    time="2022-12-28T03:08:22Z" level=error msg="Skipping service: no endpoints found" servicePort="&ServiceBackendPort{Name:,Number:80,}" providerName=kubernetes namespace=default ingress=test serviceName=test
  • a

    able-mechanic-45652

    12/28/2022, 1:39 PM
    Hi, I have new k3s cluster and I'd like to proxy connections to the master servers through our lb. This currently fails with "Unable to connect to the server: x509: certificate is valid for <list of cluster server ip's> not <lb ip>". I guess I need to add the --tls-san option with lb IP, can this be set after cluster setup?
  • l

    late-city-83596

    01/02/2023, 12:17 AM
    Hello, please I'm trying to install k3s on a windows 10 machine, I was wondering if there is any concrete guide on how to achieve this? Thanks a lot
  • l

    late-needle-80860

    01/02/2023, 5:05 PM
    I’m experiencing https://github.com/cilium/cilium/issues/22585 so:
    Error: EMFILE: too many open files, watch '/'
        at FSWatcher.<computed> (node:internal/fs/watchers:244:19)
        at Object.watch (node:fs:2303:34)
        at /usr/local/lib/node_modules/json-server/lib/cli/run.js:179:10 {
      errno: -24,
      syscall: 'watch',
      code: 'EMFILE',
      path: '/',
      filename: '/'
    }