This message was deleted Rancher Users #k3s

Join Slack

This message was deleted.

# k3s

adamant-kite-43734

09/24/2022, 11:56 AM

This message was deleted.

creamy-pencil-82913

09/26/2022, 12:39 AM

Without a local kubelet and CNI, the control-plane node has no way to reach in-cluster endpoints. Try setting --egress-selector-mode=pod or cluster of pod causes problems.

bland-painting-61617

09/26/2022, 9:26 AM

I thought this would be the case but certainly something is working since I can curl against the webhook url from the control plane pod. There's the

Proxy via http_connect protocol over tcp

message which makes me believe the control plane is proxying the connection back to the node hosting the pod.

bland-painting-61617

09/26/2022, 9:33 AM

Where do I put the

egress-selector-mode

flag?

bland-painting-61617

09/26/2022, 9:38 AM

I put

egress-selector-mode: pod

in the cp configmap and I think it might have done the trick - will test more and report back.

creamy-pencil-82913

09/26/2022, 5:23 PM

what configmap? K3s doesn’t use a configmap to configure itself. You would want to put it in the server CLI flags or config.yaml.

bland-painting-61617

09/26/2022, 9:33 PM

Oh I'm sorry, that's what I meant - I put it in config.yaml which is in a configmap since K3s is running in a pod... Either way, could you point me towards some documentation of what this setting does and what the differences between them?

creamy-pencil-82913

09/26/2022, 9:37 PM

https://github.com/k3s-io/k3s/pull/5577

👍 1

bland-painting-61617

09/27/2022, 10:16 PM

Thanks, I moved my cluster's control plane from 3 masters at home to an AKS Pod - seems to work so far. Though, it would be nice to have this argument documented in the official docs. Also, not sure if the

pod

setting is default, because until I set it - nothing was working...

creamy-pencil-82913

09/27/2022, 11:20 PM

Agent is the default. Was changed after that pr.

👍 1

bland-painting-61617

10/01/2022, 6:13 PM

Thanks for your help @creamy-pencil-82913 - always on point 🙂

bland-painting-61617

10/05/2022, 9:01 AM

Hey @creamy-pencil-82913, I noticed a small issue with K3s starting in a K8s pod. Etcd doesn't like the fact the pod IP changes.

Copy code

time="2022-10-05T08:59:35Z" level=info msg="Failed to test data store connection: this server is a not a member of the etcd cluster. Found [k3st-control-plane-0-9ed411d0=<https://10.244.1.66:2380>], expect: k3st-control-plane-0-9ed411d0=<https://10.244.1.68:2380>"

I worked around it using a small script to update the endpoint IP in etcd allowing it recognize itself as a member and all works well. But I thought, perhaps it would be a good idea to raise an issue on it? Or is there already some kind of flag that would handle it.

--node-ip=$(NODE_IP)

with the variable having the IP of the pod doesn't do the trick.

creamy-pencil-82913

10/05/2022, 9:51 AM

When using etcd, node IP addresses are expected to be static for the life of a server node in the cluster.

🤣 1

creamy-pencil-82913

10/05/2022, 9:52 AM

If you’re running a single-node k3s cluster in a pod, why not just use kine+sqlite?

bland-painting-61617

10/05/2022, 10:25 AM

That is a good idea, just haven't explored kine yet. I wanted to keep the possibility of scaling up the statefulset to 2/3 nodes and have it work - but there might be no point in doing that so sqlite might be a good idea.

451 Views

Open in Slack

Previous Next