little-shampoo-18495

05/23/2023, 10:51 AM
Hey everyone, I am trying out rke2 on an Ubuntu 22.04.2 LTS by going through the QuickStart and I have an issue where my CNI pod doesn't come up because it cannot talk to the API server (I have tried different CNIs and I get the same issue). Right now I have an instance with rke2 set up with these commands:
ufw disable
curl -sfL https://get.rke2.io | sh -
systemctl enable rke2-server.service
systemctl start rke2-server.service
I don't see any errors in the journalctl logs, but the pod rke2-canal-___ is stuck in an init crashloopbackoff, and from the logs of the install-cni container, I see that it cannot connect to the kubernetes service:
2023-05-23 10:36:11.795 [FATAL][1] cni-installer/<nil> <nil>: Unable to create token for CNI kubeconfig error=Post "https://10.43.0.1:443/api/v1/namespaces/kube-system/serviceaccounts/canal/token": dial tcp 10.43.0.1:443: i/o timeout
This is my service and endpoints:
root@k8s-master-1:~# kubectl get svc -owide
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE   SELECTOR
kubernetes   ClusterIP   10.43.0.1    <none>        443/TCP   14m   <none>

root@k8s-master-1:~# kubectl get endpoints -owide
NAME         ENDPOINTS            AGE
kubernetes   45.76.137.187:6443   15m
I can reach the endpoint:
$ kubectl exec -it etcd-k8s-master-1 -nkube-system -- curl -vk https://45.76.137.187:6443
....
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "Unauthorized",
  "reason": "Unauthorized",
  "code": 401
* Connection #0 to host 45.76.137.187 left intact
But I cannot reach the kubernetes service:
$ kubectl exec -it etcd-k8s-master-1 -nkube-system -- curl -vk https://10.43.0.1
* Uses proxy env variable NO_PROXY == '.svc,.cluster.local,10.42.0.0/16,10.43.0.0/16'
*   Trying 10.43.0.1:443...
* TCP_NODELAY set