kubespray 2.18.0 calico fails without local-loadbalancer #8864
Comments
Could you be more precise with regard to the error you are seeing when setting this to |
@cristicalin thanks for fast response │ Warning FailedCreatePodSandBox 18m kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup │ |
the thing is that the default configuration available in kubespray does this too for more info ( clarification )
|
@cristicalin |
It seems that this proxy setting is propagated down to some process calling the [https://10.233.0.1:443/apis/crd.projectcalico.org/v1/clusterinformations/default] API. Finally I added NO_PROXY for all private subnets (e.g. 10.233.0.0/16, 10.233.64.0/16) and that fixed this issue. I suggest putting the cluster domain (.cluster.local) and network CIDRs in the no_proxy default configuration.
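As an added illustration (not part of the original thread and not kubespray code), the following checks whether a given NO_PROXY value lets the API service URL from the comment above bypass the proxy. It is a simplified model that assumes the client follows the NO_PROXY rules documented for Go's HTTP client (CIDR and domain-suffix matching, ports ignored here); the `BEFORE` value is a constructed baseline.

```python
import ipaddress
from urllib.parse import urlsplit

# URL and AFTER values are taken from the thread; BEFORE is constructed.
API_URL = "https://10.233.0.1:443/apis/crd.projectcalico.org/v1/clusterinformations/default"
BEFORE = "127.0.0.1,localhost"
AFTER = "10.233.0.0/16, 10.233.64.0/16, .cluster.local"

def parse_no_proxy(value):
    """Split a NO_PROXY string into (networks, domain rules, wildcard flag)."""
    nets, domains, wildcard = [], [], False
    for entry in (e.strip().lower() for e in value.split(",")):
        if not entry:
            continue
        if entry == "*":
            wildcard = True
            continue
        try:
            # strict=False tolerates host bits in the prefix (10.233.64.0/16).
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            domains.append(entry)  # not an IP or CIDR: treat as a domain rule
    return nets, domains, wildcard

def bypasses_proxy(url, no_proxy):
    """True if a request to url would skip the proxy under this NO_PROXY."""
    host = (urlsplit(url).hostname or "").lower()
    nets, domains, wildcard = parse_no_proxy(no_proxy)
    if wildcard or host == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        return addr.is_loopback or any(addr in net for net in nets)
    for rule in domains:
        # ".example" matches subdomains only; "example" also matches itself.
        suffix = rule if rule.startswith(".") else "." + rule
        if host.endswith(suffix) or host == rule:
            return True
    return False

def proxied_targets(no_proxy, urls):
    """Return the URLs that would still be sent through the proxy."""
    return [u for u in urls if not bypasses_proxy(u, no_proxy)]

if __name__ == "__main__":
    print(proxied_targets(BEFORE, [API_URL]), proxied_targets(AFTER, [API_URL]))
```

Clients that do not implement CIDR matching in NO_PROXY will still proxy the service IP with the same value, so the check only reflects the matching rules it models.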
So this comes from setting http_proxy in your environment? Unfortunately we don't have a CI test case for this scenario so it's difficult to catch it when it's broken. Personally my environments don't require a proxy so it's not a part of the code I see often. If you want to push a PR with the code you changed we are happy to review and include it. |
I did add it like this in group_vars/all/all.yml, but if we want it to use a variable maybe it should be like this: in roles/kubespray-defaults/defaults/main.yaml in inventory/sample/group_vars/all/all.yml |
@cristicalin |
**What type of PR is this?**
/kind feature

**What this PR does / why we need it**:
sets kube CIDR's in No_proxy environment

**Which issue(s) this PR fixes**:
Fixes kubernetes-sigs#8864

**Special notes for your reviewer**:
the default configuration does not include no_proxy settings
if one uses default config and sets proxy setting pods cannot connect to API service
PS it's my first time creating an PR i'll include my code below

**Does this PR introduce a user-facing change?**:
```release-note
NONE
```

**roles/kubespray-defaults/defaults/main.yaml**
`no_proxy: "{{ no_proxy | default ('{{ kube_service_addresses }},{{ kube_pods_subnet }},{{ cluster_name }}') }}"`
`NO_PROXY: "{{ no_proxy | default ('{{ kube_service_addresses }},{{ kube_pods_subnet }},{{ cluster_name }}') }}"`

**inventory/sample/group_vars/all/all.yml**
`##Refer to roles/kubespray-defaults/defaults/main.yml before modifying no_proxy`
`##Make sure you add kube_service_addresses, kube_pods_subnet and cluster_name below or pods cannot connect to API service`
`no_proxy: "{{ kube_service_addresses }}, {{ kube_pods_subnet }}, {{ cluster_name }}"`
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close not-planned |
@k8s-triage-robot: Closing this issue, marking it as "Not Planned". In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/reopen |
@vyom-soft: You can't reopen an issue/PR unless you authored it or you are a collaborator. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Hello,
|
hi |
Hi guys, and thank you for your hard work.
Previously I had installed a Kubernetes cluster with kubespray and the weave CNI without any problem (kubespray 2.18.0),
but since we need BGP functionality we decided to move to Calico CNI. For a week I have tried the default configuration and the config you see today, and tested with Kubernetes 1.23.6 to 1.22.2 with no success.
I have been searching and found out that if I run the localhost load balancer everything will work as expected, but I don't want to use a local (nginx, haproxy) load balancer.
Is it mandatory to have use_localhost_as_kubeapi_loadbalancer: true?
Environment:
Cloud provider or hardware configuration:
bare-metal installation
OS (`printf "$(uname -srm)\n$(cat /etc/os-release)\n"`):
Linux 5.4.0-113-generic x86_64
NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
Version of Ansible (`ansible --version`):
ansible [core 2.12.5]
config file = /home/ubuntu/kubespray-v2.18.1/ansible.cfg
configured module search path = ['/home/ubuntu/kubespray-v2.18.1/library']
ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
ansible collection location = /home/ubuntu/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0]
jinja version = 2.11.3
libyaml = True
Version of Python (`python --version`):
Python 3.8.10
Kubespray version (commit) (`git rev-parse --short HEAD`):
85bd1ee
2.18.1
Network plugin used:
netplan
Full inventory with variables (`ansible -i inventory/sample/inventory.ini all -m debug -a "var=hostvars[inventory_hostname]"`):
Command used to invoke ansible:
`ansible-playbook -i inventory/pre-production/hosts.yaml --become -u sadmin -K cluster.yml`
Output of ansible run:
calico kube controller log:
all pods that need calico to create a network for them fail with the below log:
thanks in advance for taking your time