This message was deleted.
# k3sa
adamant-kite-43734
06/09/2023, 9:00 AMThis message was deleted.
b
best-accountant-61831
06/09/2023, 9:27 AMContext of this question is actually trying to configure k3s using tailscale for node-server communications.
best-accountant-61831
06/09/2023, 9:30 AMJust found out about https://github.com/k3s-io/k3s/pull/7352 so basically I need to found out how to manually set this up for now.
Sounds like I need to set all node-*-ip and advertise ip to the tailscale ip.
But I better need to keep etcd on the local physical ip.
best-accountant-61831
06/09/2023, 9:54 AMAlso not sure what flannel-backend I should set. vxlan or host-ip? (COnsidering that tailscale needs to accept and advertise the pod (and serviuce?) cidr as routes
b
bland-account-99790
06/09/2023, 3:51 PMYou'll need a tailscale flannel backend
bland-account-99790
06/09/2023, 3:51 PMThat's what I'm doing in the PR. By using the flannel extension backend
b
best-accountant-61831
06/09/2023, 3:51 PMHi! Yes, thanks for that PR. In the mean time, I need to make the config manually though.
b
bland-account-99790
06/09/2023, 3:52 PMI hope I can merge the PR today, so that it is part of the next k3s release (in ~1 week)
bland-account-99790
06/09/2023, 3:52 PMYou should start tailscale, log and so on
bland-account-99790
06/09/2023, 3:53 PMand then use the tailscale IP as the node-ip
bland-account-99790
06/09/2023, 3:53 PMand also as the advertise-ip for kube-api
bland-account-99790
06/09/2023, 3:54 PMthat will make all your control plane traffic go through tailscale.
b
best-accountant-61831
06/09/2023, 3:55 PMI actually used the tailscale ip as the node external ip (on the server nodes)
also advertise, but kept the node-ip as the local ip
that seemed to make it so etcd works via that local ip
b
bland-account-99790
06/09/2023, 3:55 PMFor the data-plane traffic, maybe for the time being you are happy enough by selecting the tailscale interface as the flannel interface. Performance won't be awesome because your traffic will get a double encapsulation (vxlan+tailscale) but it should work
b
best-accountant-61831
06/09/2023, 3:56 PMyes, I was wondering if that could work with flannels host-ip backend, if I add the k3s subnets to tailscale (as you do in your PR)
b
bland-account-99790
06/09/2023, 3:56 PMHA mode is tricky, etcd traffic will not work well because it needs a very low latency for raft to work correctly
b
best-accountant-61831
06/09/2023, 3:57 PMmy servers will be in the same cloud/DC, so they can operate dirctly, without tailscale
b
bland-account-99790
06/09/2023, 3:57 PMperfect
bland-account-99790
06/09/2023, 3:58 PMhost-iptailscale0bland-account-99790
06/09/2023, 3:59 PMIIRC, if you keep
node-ipkube-apikubectl logskubectl execb
best-accountant-61831
06/09/2023, 4:04 PMhm, I'm getting
Copy code
Jun 09 16:01:16 <http://rnwtrk-k3s-m0.drum-map.ts.net|rnwtrk-k3s-m0.drum-map.ts.net> k3s[41206]: {"level":"info","ts":"2023-06-09T16:01:16.662Z","caller":"etcdserver/server.go:845","msg":"starting etcd server","local-member-id":"261f27b021c9631d","local-server-version":"3.5.7","cluster-id":"df7481bb94076a93","cluster-version":"3.5"}
Jun 09 16:01:16 <http://rnwtrk-k3s-m0.drum-map.ts.net|rnwtrk-k3s-m0.drum-map.ts.net> k3s[41206]: {"level":"info","ts":"2023-06-09T16:01:16.664Z","caller":"embed/etcd.go:275","msg":"now serving peer/client/metrics","local-member-id":"261f27b021c9631d","initial-advertise-peer-urls":["<http://127.0.0.1:2400>"],"listen-peer-urls":["<http://127.0.0.1:2400>"]
,"advertise-client-urls":["<http://127.0.0.1:2399>"],"listen-client-urls":["<http://127.0.0.1:2399>"],"listen-metrics-urls":[]}
Jun 09 16:01:16 <http://rnwtrk-k3s-m0.drum-map.ts.net|rnwtrk-k3s-m0.drum-map.ts.net> k3s[41206]: {"level":"info","ts":"2023-06-09T16:01:16.664Z","caller":"etcdserver/server.go:738","msg":"started as single-node; fast-forwarding election ticks","local-member-id":"261f27b021c9631d","forward-ticks":9,"forward-duration":"4.5s","election-ticks":10,"elect
ion-timeout":"5s"}
Jun 09 16:01:16 <http://rnwtrk-k3s-m0.drum-map.ts.net|rnwtrk-k3s-m0.drum-map.ts.net> k3s[41206]: {"level":"info","ts":"2023-06-09T16:01:16.664Z","caller":"embed/etcd.go:586","msg":"serving peer traffic","address":"127.0.0.1:2400"}
Jun 09 16:01:16 <http://rnwtrk-k3s-m0.drum-map.ts.net|rnwtrk-k3s-m0.drum-map.ts.net> k3s[41206]: {"level":"info","ts":"2023-06-09T16:01:16.664Z","caller":"embed/etcd.go:558","msg":"cmux::serve","address":"127.0.0.1:2400"}
Jun 09 16:01:19 <http://rnwtrk-k3s-m0.drum-map.ts.net|rnwtrk-k3s-m0.drum-map.ts.net> k3s[41206]: {"level":"warn","ts":"2023-06-09T16:01:19.315Z","logger":"etcd-client","caller":"v3@v3.5.7-k3s1/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"<etcd-endpoints://0xc0004a2540/127.0.0.1:2399>","attempt":0,"error":"rpc error: code
= Canceled desc = context canceled"}
Jun 09 16:01:19 <http://rnwtrk-k3s-m0.drum-map.ts.net|rnwtrk-k3s-m0.drum-map.ts.net> k3s[41206]: time="2023-06-09T16:01:19Z" level=info msg="Failed to test temporary data store connection: context canceled"
Jun 09 16:01:19 <http://rnwtrk-k3s-m0.drum-map.ts.net|rnwtrk-k3s-m0.drum-map.ts.net> k3s[41206]: time="2023-06-09T16:01:19Z" level=info msg="Failed to test temporary data store connection: failed to dial endpoint <http://127.0.0.1:2399> with maintenance client: context canceled"best-accountant-61831
06/09/2023, 4:04 PMcurently I have only this singl;e master
b
bland-account-99790
06/09/2023, 4:07 PMk3s fails to start then?
b
best-accountant-61831
06/09/2023, 4:08 PMhold on; it kept repeating
Failed to test temporary data store connectionbest-accountant-61831
06/09/2023, 4:09 PMafter a while systemd kills it, and when it then restarts it seems to not have that issue
best-accountant-61831
06/09/2023, 4:10 PMok, and then it starts up without any issue it seems
best-accountant-61831
06/09/2023, 4:11 PMnow I need to restart a worker node, and check tailscale
best-accountant-61831
06/09/2023, 4:12 PMworker complains about setting kubernetes subnets as routes
best-accountant-61831
06/09/2023, 4:13 PMI couldn't understand it from your patch, I assume I should publish and accept both pod cidr and service cidr via tailscale?
best-accountant-61831
06/09/2023, 4:34 PMhm, on the agent, I keep having an issue when it wants to add a route for its pod cidr
19818 route_network.go:92] Subnet added: 10.32.0.0/24 via 100.65.172.11
19818 route_network.go:167] Error adding route to {Ifindex: 9 Dst: 10.32.0.0/24 Src: <nil> Gw: 100.65.172.11 Flags: [] Table: 0 Realm: 0}: network is unreachable
b
bland-account-99790
06/09/2023, 4:45 PMoh
bland-account-99790
06/09/2023, 4:46 PMYeah, that makes sense. I don't think you can really use hostgw
b
best-accountant-61831
06/09/2023, 4:46 PMseems like an issue with how tailscale implements routing
best-accountant-61831
06/09/2023, 4:47 PMhow is this solved in your PR?
b
bland-account-99790
06/09/2023, 4:49 PMyou can't have a
xxx via xxxbland-account-99790
06/09/2023, 4:49 PMYou need to do everything in L3 layer
bland-account-99790
06/09/2023, 4:50 PMyou must use the subnet router feature of tailscale
b
best-accountant-61831
06/09/2023, 4:54 PMok, I'll need to dive a bit more into that. thanks for the headsup
best-accountant-61831
06/09/2023, 4:58 PMxx via yy is L3 btw
L2 would mean the local subnet
best-accountant-61831
06/09/2023, 4:59 PMok, so, tailscale subnet router means using the `
Copy code
--advertise-routes=best-accountant-61831
06/09/2023, 5:01 PMmight be an ACL issue
best-accountant-61831
06/12/2023, 3:53 PMI think I managed to get it working with
host-gwbest-accountant-61831
06/12/2023, 3:53 PMnow to let it run a bit and do some more checks
best-accountant-61831
06/12/2023, 3:53 PMeto be sure
b
bland-account-99790
06/12/2023, 3:53 PM๐ great, congratulations ๐
bland-account-99790
06/12/2023, 3:54 PMMy PR got merged
๐๐ป 1
b
best-accountant-61831
06/12/2023, 3:54 PMI think one issue was to not set flannel-iface to tailscal0, but let the host networking do it's thing (combined with advertising teh right routes on each node on the taiolscale network
266 Views