https://rancher.com/ logo
Title
a

ambitious-plastic-3551

08/20/2022, 9:53 PM
hostports are not opened
b

billions-easter-91774

08/21/2022, 10:45 AM
I analyzed an issue with the ingress a while ago and to retrigger (debug the helm installation) i actually extracted the yaml code for the helm installation and rerun it manually by myself. Perhaps you can try that. The hostports not open is an issue i actually face myself right now. But i think this might be correlated to cillium and i haven't found a solution for that. I upgraded from 1.23.6 to 1.23.9 an dnow to 1.24 still not working
a

ambitious-plastic-3551

08/21/2022, 5:43 PM
I did from 1.23.7 to 1.23.9
It migh be related, do you have the specific yaml I should look at
b

billions-easter-91774

08/21/2022, 6:01 PM
i took that yaml from the job which installed/runs helm install
but i'm also still struggling and i'm not sure what my issue is. Currently i tried disabling ipv6 as coredns also has issues but now coredns is still having issues because it can't bind to ipv6...
a

ambitious-plastic-3551

08/21/2022, 6:08 PM
Do you perhaps know where exactly? afaik, by default there's no ipv6, but I might be wrong, did you define ipv6 addresses for cluster nodes?
b

billions-easter-91774

08/21/2022, 6:41 PM
nope; still looking through stuff to find why/how. I was pretty sure before my upgrades (kernel + rke2) there was no ipv6 active. but that could also be just wrong
a

ambitious-plastic-3551

08/22/2022, 2:40 PM
I managed to make it work
netstat doesn't show opened port, but somehow it works
b

billions-easter-91774

08/22/2022, 5:02 PM
How?
a

ambitious-plastic-3551

08/22/2022, 5:06 PM
if you look @ Jobs, I had some failed nginx controller setup, I had some wrong configuration on the node though, so when it wanted to upgrade it failed... so I copied from my other cluster and re-run the job, so when job completed, I had some issues still, but I got that fixed too, IngressClass and some other nginx controller installation which I tried to install
rancher/klipper-helm image is mentioned there (which is hardened security suppsedly)