salmon-afternoon-72196
01/02/2023, 7:45 PMrich-cartoon-70161
01/03/2023, 9:55 AMrich-cartoon-70161
01/03/2023, 2:03 PMhandsome-autumn-77266
01/03/2023, 3:08 PMhandsome-autumn-77266
01/04/2023, 3:59 PMhandsome-autumn-77266
01/04/2023, 4:01 PMchilly-telephone-51989
01/05/2023, 10:14 AM● k3s.service - Lightweight Kubernetes
Loaded: loaded (/etc/systemd/system/k3s.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-01-05 10:01:20 UTC; 9min ago
Docs: <https://k3s.io>
Process: 963939 ExecStartPre=/bin/sh -xc ! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service (code=exited, status=0/SUCCESS)
Process: 963941 ExecStartPre=/sbin/modprobe br_netfilter (code=exited, status=0/SUCCESS)
Process: 963942 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 963943 (k3s-server)
Tasks: 88
Memory: 679.2M
CPU: 46.703s
CGroup: /system.slice/k3s.service
├─ 1626 /var/lib/rancher/k3s/data/577968fa3d58539cc4265245941b7be688833e6bf5ad7869fa2afe02f15f1cd2/bin/containerd-shim-runc-v2 -namespace <http://k8s.io|k8s.io> -id 2a9aca2d3>
├─ 1809 /var/lib/rancher/k3s/data/577968fa3d58539cc4265245941b7be688833e6bf5ad7869fa2afe02f15f1cd2/bin/containerd-shim-runc-v2 -namespace <http://k8s.io|k8s.io> -id 4034e2e93>
├─ 2269 /var/lib/rancher/k3s/data/577968fa3d58539cc4265245941b7be688833e6bf5ad7869fa2afe02f15f1cd2/bin/containerd-shim-runc-v2 -namespace <http://k8s.io|k8s.io> -id 31f1caa57>
├─963482 /var/lib/rancher/k3s/data/577968fa3d58539cc4265245941b7be688833e6bf5ad7869fa2afe02f15f1cd2/bin/containerd-shim-runc-v2 -namespace <http://k8s.io|k8s.io> -id 76b5f8348>
├─963943 "/usr/local/bin/k3s server"
└─963959 containerd -c /var/lib/rancher/k3s/agent/etc/containerd/config.toml -a /run/k3s/containerd/containerd.sock --state /run/k3s/containerd --root /var/lib>
Jan 05 10:01:34 ip-172-31-46-55 k3s[963943]: I0105 10:01:34.384632 963943 shared_informer.go:262] Caches are synced for garbage collector
Jan 05 10:01:34 ip-172-31-46-55 k3s[963943]: I0105 10:01:34.384666 963943 garbagecollector.go:158] Garbage collector: all resource monitors have synced. Proceeding to coll>
Jan 05 10:01:34 ip-172-31-46-55 k3s[963943]: I0105 10:01:34.454332 963943 shared_informer.go:262] Caches are synced for garbage collector
Jan 05 10:06:31 ip-172-31-46-55 k3s[963943]: I0105 10:06:31.679514 963943 trace.go:205] Trace[110892778]: "Get" url:/api/v1/namespaces/xplorie/pods/gateway-86c6cc8bf4-fjnr>
Jan 05 10:06:31 ip-172-31-46-55 k3s[963943]: Trace[110892778]: ---"Writing http response done" 6201ms (10:06:31.679)
Jan 05 10:06:31 ip-172-31-46-55 k3s[963943]: Trace[110892778]: [6.204322629s] [6.204322629s] END
Jan 05 10:07:27 ip-172-31-46-55 k3s[963943]: I0105 10:07:27.025536 963943 trace.go:205] Trace[1243742719]: "Get" url:/api/v1/namespaces/xplorie/pods/web-7df799b896-kmjwl/l>
Jan 05 10:07:27 ip-172-31-46-55 k3s[963943]: Trace[1243742719]: ---"Writing http response done" 35215ms (10:07:27.025)
Jan 05 10:07:27 ip-172-31-46-55 k3s[963943]: Trace[1243742719]: [35.217361472s] [35.217361472s] END
Jan 05 10:09:32 ip-172-31-46-55 k3s[963943]: I0105 10:09:32.845634 963943 log.go:195] http: TLS handshake error from 127.0.0.1:39796: read tcp 127.0.0.1:10250->127.0.0.1:3
These servers are AWS EC machinesred-lizard-14453
01/05/2023, 2:16 PMcreamy-pencil-82913
01/07/2023, 6:48 PMhundreds-jewelry-18968
01/09/2023, 1:05 AMhundreds-jewelry-18968
01/09/2023, 1:09 AMhundreds-jewelry-18968
01/09/2023, 1:22 AMJan 09 01:18:01 facio k3s[29667]: E0109 01:18:01.542615 29667 authentication.go:63] "Unable to authenticate the request" err="[x509: certificate has expired or is not yet valid: current time 2023-01-09T01:18:01Z is after 2023-01-08T22:37:57Z, verifying certificate SN=2555825581207100645, SKID=,AKID=8F:E9:C8:2E:7F:91:B7:01:BC:7A:48:DD:77:8C:6A:EF:92:DA:E5:58 failed: x509: certificate has expired or is not yet valid: current time 2023-01-09T01:18:01Z is after 2023-01-08T22:37:57Z]"
can’t understand how this happened current time 2023-01-09T01:18:01Z is after 2023-01-08T22:37:57Z
hundreds-jewelry-18968
01/09/2023, 1:32 AMkubectl
commands in the master node (facio), I see pods running, but the service shows the errors described beforecreamy-pencil-82913
01/09/2023, 3:00 AMcreamy-pencil-82913
01/09/2023, 3:01 AMbillowy-apple-60989
01/09/2023, 8:54 AMbillowy-apple-60989
01/09/2023, 9:25 AMfierce-accountant-13638
01/09/2023, 4:21 PMrich-cartoon-70161
01/10/2023, 3:40 PMhigh-ram-79592
01/10/2023, 10:20 PMfreezing-lunch-86527
01/11/2023, 5:22 AMk3s server
is taking like 200% CPU and the kubernetes API is becoming unreachable which is causing a bunch of stuff to crash which is making the issue worse. I've poured through journalctl
and don't really see anything notable. Any ideas how to track down the root of this?mysterious-wire-57288
01/11/2023, 1:05 PMcareful-piano-35019
01/11/2023, 1:30 PMnice-motherboard-21953
01/12/2023, 8:04 AM---
apiVersion: <http://traefik.containo.us/v1alpha1|traefik.containo.us/v1alpha1>
kind: IngressRouteTCP
metadata:
name: redis-service-tcp
spec:
entryPoints:
- redis
routes:
- match: HostSNI(`<http://redis.example.net|redis.example.net>`)
services:
- name: redis-service
port: 6379
tls:
secretName: wildcard-secret
(After applying this, I’m able to connect to <http://redis.example.net|redis.example.net>
using redis-cli)
However, I’m not able to do the same with postgres, even though the certificate etc is valid. Doesn’t postgres support SNI? Has anyone here exposed their postgres deployments via Traefik IngressRouteTCP with custom domain and TLS?prehistoric-judge-25958
01/12/2023, 2:32 PMlimited-accountant-71118
01/12/2023, 4:16 PMquick-dentist-45681
01/12/2023, 6:39 PMemrys.local
, which (after a few hickups with missing nss libraries and configuration) seems to resolve fine for everything else on the system, but k3s refuses to resolve it. Does k3s do direct DNS lookups? Is there a way to get it to resolve mdns names?billowy-apple-60989
01/13/2023, 10:25 AMbillowy-apple-60989
01/13/2023, 10:30 AMacceptable-king-56965
01/13/2023, 5:17 PM