# k3s
r
Hi folks, I am trying to deploy a k3s cluster spanning 3 Raspberry Pi 5 with Cilium. But I am hitting a roadblock. If I understand the docs here https://docs.cilium.io/en/stable/configuration/ and here https://docs.k3s.io/networking/basic-network-options?cni=Cilium correctly, I need to bootstrap the cluster without flannel. Afterwards I should be able to install Cilium. This is my k3s install command:
```
curl -sfL https://get.k3s.io | K3S_TOKEN=SECRET sh -s - server \
    --cluster-init \
    --flannel-backend=none \
    --disable-kube-proxy \
    --disable servicelb \
    --disable-network-policy \
    --disable traefik \
    --cluster-cidr=10.8.0.0/16,fd00:0:0:0800::/56 \
    --service-cidr=10.9.0.0/16,fd00:0:0:0900::/112 \
    --node-external-ip=192.168.178.100 \
    --advertise-address=192.168.178.100 \
    --tls-san=k3s.local
```
And I attempt to install Cilium with this:
```
cilium install \
  --set=ipam.operator.clusterPoolIPv4PodCIDRList="10.8.0.0/16" \
  --set=ipam.operator.clusterPoolIPv6PodCIDRList="fd00:0:0:0800::/56"
```
The Cilium pods do not come up. One of them logs the following message:
```
Error: Build config failed: failed to start: Get "https://10.9.0.1:443/api/v1/namespaces/kube-system": dial tcp 10.9.0.1:443: i/o timeout
```
What might the reason for this be? The IP ranges look correct and the k3s service doesn't log any errors besides missing a CNI.
c
You disabled kube-proxy and then you're getting an error accessing the apiserver in-cluster endpoint because kube-proxy isn't running to set up iptables rules to handle traffic to it.
Why did you disable kube-proxy? If you're trying to use the Cilium kube-proxy replacement you need to do that at deployment time, as a prerequisite for Cilium CNI to function.
r
Ah... that is plenty obvious. But I don't see how I can install Cilium at deployment time. At least there appear to be no mentions on how to do that in the docs. Looking at the blog posts I found dealing with this, I cannot find a mention of that either. (e.g. https://blog.stonegarden.dev/articles/2024/02/bootstrapping-k3s-with-cilium/)
Thank you very much for the hint. I was missing the parameters `k8sServiceHost` and `k8sServicePort`.