I'm trying to install RKE2 version "v1.26.1+rke2r1" and it's failing to install canal.

kubectl logs -n kube-system rke2-canal-m2ddv install-cni

says:

2023-01-31 19:52:05.466 [ERROR][1] cni-installer/<nil> <nil>: Unable to create token for CNI kubeconfig error=Post "https://10.43.0.1:443/api/v1/namespaces/kube-system/serviceaccounts/canal/token": dial tcp 10.43.0.1

:443: i/o timeout

I am using the

<https://get.rke2.io>

installer running on a fresh install of Ubuntu 20.04.4, and the only configuration I have done to is to configure NetworkManager to ignore CNI hosts. How can I resolve this issue?

have you disabled firewalld/ufw?

Yes, kube-proxy is running and does not have any errors in its log.

Is that pod with an error on a server, or an agent?

This error is happening on a server -- I'm setting up a fresh cluster, and this is the only node so far.

Hmm. Have you customized the configuration at all? or did you literally just run the install script and then start the rke2-server service?

The only configuration I have done is to set

node-name

,

node-external-ip

, and

tls-san

hmm. Why did you set those?

Let me try doing an install without setting anything. In previous attempts, if I didn't set

node-external-ip

, it would use a NATed address that was causing problems for agents that weren't in the same network. I set

tls-san

because my intent was to set this up as a HA cluster with a proxy.

node-external-ip is usually used to inform the cluster of the node’s public IP that is NATed to the primary --node-ip address. Both the internal and external IPs need to be reachable by cluster members, including the node itself.

Thank you for clarifying. Removing

node-external-ip

resolved this issue for me, and I am now able to start the RKE2 server successfully.