little-shampoo-18495
05/23/2023, 10:51 AMUbuntu 22.04.2 LTS
by going through the QuickStart and I have an issue where my CNI pod doesn't come up because it cannot talk to the api server,
(i have tried different cnis and I get the same issue).
Right now I have an instance with rke2 setup with these commands
ufw disable
curl -sfL <https://get.rke2.io> | sh -
systemctl enable rke2-server.service
systemctl start rke2-server.service
I don't see any errors in the journalctl logs
but the pod rke2-canal-___
is stuck in an init crashloopbackoff.
and from the logs of the install-cni
container, I see that it cannot connect to the kubernetes
service:
2023-05-23 10:36:11.795 [FATAL][1] cni-installer/<nil> <nil>: Unable to create token for CNI kubeconfig error=Post "<https://10.43.0.1:443/api/v1/namespaces/kube-system/serviceaccounts/canal/token>": dial tcp 10.43.0.1:443: i/o timeout
this is my service and endpoints:
root@k8s-master-1:~# kubectl get svc -owide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 14m <none>
root@k8s-master-1:~# kubectl get endpoints -owide
NAME ENDPOINTS AGE
kubernetes 45.76.137.187:6443 15m
I can reach the endpoint
$ kubectl exec -it etcd-k8s-master-1 -nkube-system -- curl -vk <https://45.76.137.187:6443>
....
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "Unauthorized",
"reason": "Unauthorized",
"code": 401
* Connection #0 to host 45.76.137.187 left intact
but I cannot reach the kubernetes
service
$ kubectl exec -it etcd-k8s-master-1 -nkube-system -- curl -vk <https://10.43.0.1>
* Uses proxy env variable NO_PROXY == '.svc,.cluster.local,10.42.0.0/16,10.43.0.0/16'
* Trying 10.43.0.1:443...
* TCP_NODELAY set