This message was deleted.
# k3sa
adamant-kite-43734
10/24/2022, 9:07 AMThis message was deleted.
b
bland-account-99790
10/24/2022, 1:13 PMcan you share your k3s config please?
bland-account-99790
10/24/2022, 1:13 PMor
kubectl get nodes -o yaml | grep "<http://k3s.io/node-args|k3s.io/node-args>"a
able-mechanic-45652
10/24/2022, 1:56 PM# /usr/local/bin/k3s kubectl get nodes -o yaml | grep "k3s.io/node-args"
k3s.io/node-args: '["agent","--server","https://kube-master.domain.fi:6443"]'
k3s.io/node-args: '["server","--disable-cloud-controller","--no-deploy","traefik","--node-taint","k3s-controlplane=true:NoExecute"]'
k3s.io/node-args: '["agent","--server","https://kube-master.domain.fi:6443"]'
able-mechanic-45652
10/24/2022, 2:12 PMIPTables-Reject-Input: IN=eth0 OUT= MAC=... SRC=<worked#1 ip> DST=<worker#2 ip> LEN=137 TOS=0x00 PREC=0x00 TTL=64 ID=33173 PROTO=UDP SPT=53112 DPT=8472 LEN=117
able-mechanic-45652
10/24/2022, 2:13 PMI got above errors in journal on both worker nodes so it seems the iptables is blocking ... is it flannel traffic?
able-mechanic-45652
10/24/2022, 2:16 PM$ sudo cat /etc/sysconfig/iptables*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [51:25393]-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT-A INPUT -p tcp -m state --state NEW -m tcp -s <worker#1 ip>,<worker#2 ip> --dport 8472 -j ACCEPT-A INPUT -p tcp -m state --state NEW -m tcp --dport 30000:32767 -j ACCEPT-A INPUT -s 10.42.0.0/16 -j ACCEPT-A INPUT -d 10.42.0.0/16 -j ACCEPT-A INPUT -j LOG --log-prefix "IPTables-Reject-Input: " --log-level 4-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -s 10.42.0.0/16 -j ACCEPT-A FORWARD -d 10.42.0.0/16 -j ACCEPT-A FORWARD -j LOG --log-prefix "IPTables-Reject-Forward: " --log-level 4-A FORWARD -j REJECT --reject-with icmp-host-prohibited-A OUTPUT -o lo -j ACCEPTCOMMIT*nat:PREROUTING ACCEPT [17:964]:INPUT ACCEPT [0:0]:OUTPUT ACCEPT [0:0]:POSTROUTING ACCEPT [0:0]COMMITable-mechanic-45652
10/24/2022, 2:16 PMthe default iptables config would seem to allow traffic on 8472 port though
b
bland-account-99790
10/24/2022, 3:00 PMCan you try pinging coredns from the node where it runs and from another node? Let' check if it is a connectivity issue
a
able-mechanic-45652
10/24/2022, 3:04 PMactually I found a bruteforce method, https://github.com/k3s-io/k3s/issues/535#issuecomment-907789701 Seemed to fix the connectivity issues for now
b
bland-account-99790
10/24/2022, 4:17 PMinteresting. You are using Oracle Cloud?
a
able-mechanic-45652
10/24/2022, 4:18 PMNo, centos 7 vm's on vmware. Should probably test if these changes work after boot as well
36 Views