This message was deleted Rancher Users #k3s

Join Slack

This message was deleted.

# k3s

adamant-kite-43734

12/27/2022, 3:44 PM

This message was deleted.

creamy-pencil-82913

12/27/2022, 8:11 PM

That suggests that the other nodes have invalid certs, probably not shared with the first one. Are you using embedded etcd, or an external DB?

creamy-pencil-82913

12/27/2022, 8:13 PM

I suspect you may have started them up as standalone servers at some point, and they are running pods with secrets from that configuration, instead of from the desired cluster

creamy-pencil-82913

12/27/2022, 8:13 PM

I would (one at a time) run the uninstall script, delete them from the cluster, then reinstall and rejoin.

colossal-action-96650

12/27/2022, 8:37 PM

thanks for the reply! i am [attempting] to run embedded etcd i have uninstalled using the script and reinstalled numerous times to no avail. i have also verified the absence of

/var/lib/rancher/k3s

which is the only place I'm aware of that contains the certificates

colossal-action-96650

12/27/2022, 8:38 PM

curl -sfL <https://get.k3s.io> | INSTALL_K3S_VERSION=v1.24.8+k3s1 INSTALL_K3S_EXEC="--disable traefik --disable servicelb --kube-controller-manager-arg bind-address=0.0.0.0 --kube-proxy-arg metrics-bind-address=0.0.0.0 --kube-scheduler-arg bind-address=0.0.0.0 --etcd-expose-metrics true --kubelet-arg containerd=/run/k3s/containerd/containerd.sock" K3S_TOKEN=[token] sh -s - server --server <https://10.3.14.2:6443>

is the latest version if the command I used to install K3s. I see

server

and

--server

in there, which would I need to eliminate. I was just trying to replicate the .service file flags as closely as I could

creamy-pencil-82913

12/27/2022, 8:52 PM

something running somewhere in the cluster has a serviceaccount token that was signed by a different key. That’s all I can tell from that error. The most common cause of that is one of the control-plane nodes having a serviceaccount issuer key that is out of sync with the others.

colossal-action-96650

12/27/2022, 9:05 PM

right now there is just the one etcd/controlplane node. in my Googlings, about the only suggestion I found was to delete all service accounts and restart K3s, which I did, but again, no luck. If my install command has a flaw, that could explain why that didn't work. Is the command above good or should I remove one of the

server

flags? if so, which one?

creamy-pencil-82913

12/28/2022, 12:46 AM

there are not two server flags. You have

server

as in

k3s server

which is a command… and then you have

--server=<https://x:6443>

which is a flag that tells it where the existing server is.

colossal-action-96650

12/28/2022, 3:25 PM

ok, so the command is good? any advice how to proceed? again, I'm fairly new and trying to learn. Would rotating the certificates work maybe?

29 Views

Open in Slack

Previous Next