Hey everyone, I am trying out rke2 on an

Ubuntu 22.04.2 LTS

by going through the QuickStart and I have an issue where my CNI pod doesn't come up because it cannot talk to the api server, (i have tried different cnis and I get the same issue). Right now I have an instance with rke2 setup with these commands

ufw disable
curl -sfL <https://get.rke2.io> |  sh -
systemctl enable rke2-server.service
systemctl start rke2-server.service

I don't see any errors in the journalctl logs but the pod

rke2-canal-___

is stuck in an init crashloopbackoff. and from the logs of the

install-cni

container, I see that it cannot connect to the

kubernetes

service:

2023-05-23 10:36:11.795 [FATAL][1] cni-installer/<nil> <nil>: Unable to create token for CNI kubeconfig error=Post "<https://10.43.0.1:443/api/v1/namespaces/kube-system/serviceaccounts/canal/token>": dial tcp 10.43.0.1:443: i/o timeout

this is my service and endpoints:

root@k8s-master-1:~# kubectl get svc -owide
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE   SELECTOR
kubernetes   ClusterIP   10.43.0.1    <none>        443/TCP   14m   <none>

root@k8s-master-1:~# kubectl get endpoints -owide
NAME         ENDPOINTS            AGE
kubernetes   45.76.137.187:6443   15m

I can reach the endpoint

$ kubectl exec -it etcd-k8s-master-1 -nkube-system -- curl -vk <https://45.76.137.187:6443>
....
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "Unauthorized",
  "reason": "Unauthorized",
  "code": 401
* Connection #0 to host 45.76.137.187 left intact

but I cannot reach the

kubernetes

service

$ kubectl exec -it etcd-k8s-master-1 -nkube-system -- curl -vk <https://10.43.0.1>
* Uses proxy env variable NO_PROXY == '.svc,.cluster.local,10.42.0.0/16,10.43.0.0/16'
*   Trying 10.43.0.1:443...
* TCP_NODELAY set