
important-nightfall-75933

01/31/2023, 8:06 PM
I'm trying to install RKE2 version "v1.26.1+rke2r1" and it's failing to install canal.
kubectl logs -n kube-system rke2-canal-m2ddv install-cni says:
2023-01-31 19:52:05.466 [ERROR][1] cni-installer/<nil> <nil>: Unable to create token for CNI kubeconfig error=Post "https://10.43.0.1:443/api/v1/namespaces/kube-system/serviceaccounts/canal/token": dial tcp 10.43.0.1:443: i/o timeout
I am using the <https://get.rke2.io> installer running on a fresh install of Ubuntu 20.04.4, and the only configuration I have done is to configure NetworkManager to ignore CNI hosts. How can I resolve this issue?

creamy-pencil-82913

01/31/2023, 8:07 PM
have you disabled firewalld/ufw?
for some reason the pod is unable to reach the apiserver
is the kube-proxy pod running on that node?

important-nightfall-75933

01/31/2023, 8:09 PM
Yes, kube-proxy is running and does not have any errors in its log.
firewalld is not installed; ufw is disabled, and I have restarted the box after disabling it and setting the NetworkManager workaround

creamy-pencil-82913

01/31/2023, 8:11 PM
Is that pod with an error on a server, or an agent?

important-nightfall-75933

01/31/2023, 8:12 PM
This error is happening on a server -- I'm setting up a fresh cluster, and this is the only node so far.

creamy-pencil-82913

01/31/2023, 8:12 PM
Hmm. Have you customized the configuration at all? or did you literally just run the install script and then start the rke2-server service?
How long has it been in that state?

important-nightfall-75933

01/31/2023, 8:14 PM
The only configuration I have done is to set node-name, node-external-ip, and tls-san.
It was in this state almost immediately after installing RKE2

creamy-pencil-82913

01/31/2023, 8:19 PM
hmm. Why did you set those?
Do you see the same problem if you install with the default values?
Is the address specified for node-external-ip reachable from the node itself? Is it an actual address bound to the node, or is it a NATed public IP?

important-nightfall-75933

01/31/2023, 8:24 PM
Let me try doing an install without setting anything. In previous attempts, if I didn't set node-external-ip, it would use a NATed address that was causing problems for agents that weren't in the same network. I set tls-san because my intent was to set this up as a HA cluster with a proxy.

creamy-pencil-82913

01/31/2023, 8:34 PM
node-external-ip is usually used to inform the cluster of the node’s public IP that is NATed to the primary --node-ip address. Both the internal and external IPs need to be reachable by cluster members, including the node itself.

important-nightfall-75933

01/31/2023, 8:50 PM
Thank you for clarifying. Removing node-external-ip resolved this issue for me, and I am now able to start the RKE2 server successfully.