error execution phase preflight Lab 3.2

I got the following error in step 15 of Lab 3.2:
"error execution phase preflight: unable to fetch the kubeadm-config ConfigMap: failed to get config map: Get "https://k8scp:6443/api/v1/namespaces/kube-system/configmaps/kubeadm-config?timeout=10s": dial tcp: lookup k8scp on 127.0.0.53:53: server misbehaving
To see the stack trace of this error execute with --v=5 or higher"

How can I solve this issue? All help is welcome.

Answers

  • Hi @elenabc,

    First I'd recommend verifying that the /etc/hosts files on both nodes are set with the correct control plane node private IP and the k8scp alias, together with the 127.0.0.1 localhost entry (step 14 and lab 3.1 step 21).
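
    For example, a minimal /etc/hosts on both nodes would look something like this (10.128.0.35 is just a placeholder for your control plane node's private IP):

    1. 127.0.0.1 localhost
    2. 10.128.0.35 k8scp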

    Second, create a new token and extract the hash (steps 12 and 13) for a new join command. However, prior to running the join command again on the worker node, please run kubeadm reset on the worker to clear any possible incomplete configuration.
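
    Roughly, those two steps plus the reset look like this (the token and hash values are placeholders and will differ in your environment):

    1. # on the control plane node: create a new token and extract the CA cert hash
    2. sudo kubeadm token create
    3. openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
    4. # on the worker node: clear any partial state, then join again
    5. sudo kubeadm reset
    6. sudo kubeadm join k8scp:6443 --token <new-token> --discovery-token-ca-cert-hash sha256:<new-hash>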

    Regards,
    -Chris

  • Similar to the experience described here, I get stuck on the preflight checks: the join starts but hangs without resolution for a long time.

    What should I do?

  • @nicocerquera

    The worker node is unable to connect to the control plane. Ensure you can reach the control plane node from the worker node (firewalls, ports, etc.).

    The kubeadm join command includes the API server's advertise address, for example 192.168.10.100:6443, which is missing in your screenshot; I am assuming you masked it for security purposes. If not, ensure the join command references the API server endpoint and that you can actually connect to the control plane:

    "kubeadm join 192.168.10.100:6443 --token xyz --discovery-token-ca-cert-hash sha256:abcxyz"

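    A quick way to confirm basic connectivity from the worker node before joining (192.168.10.100 is just a placeholder for your control plane address):

    1. nc -vz 192.168.10.100 6443
    2. # or, if the k8scp alias is already in /etc/hosts:
    3. curl -k https://k8scp:6443/version
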
  • Hi @nicocerquera,

    I would still, however, for the purpose of this course, stick with the recommended approach from the lab guide and run both kubeadm init and kubeadm join with the k8scp alias instead of a specific node IP address.

    What type of infrastructure do you use for lab VMs? Cloud or a local hypervisor? What about firewalls, VPCs, subnets? Are the /etc/hosts files on both nodes populated with the private IP address of the control plane node and the k8scp alias?

    Regards,
    -Chris

  • Hi All,

    I use the cloud (AWS). I have two nodes on AWS: one is the CP and the other is the worker node. Both of them have ufw disabled.

    The error that I get is:

    1. kubeadm join --token pum9dm.3m2y93x9a98j4lvn k8scp:6443 --discovery-token-ca-cert-hash sha256:763941a24.......e1d929c73e82c5d8a9109a6428
    2. [preflight] Running pre-flight checks
    3. error execution phase preflight: couldn't validate the identity of the API Server: Get "https://k8scp:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s": dial tcp: lookup k8scp on 8.8.4.4:53: no such host
    4. To see the stack trace of this error execute with --v=5 or higher

    Then I made sure I had the correct IP address in /etc/hosts on both nodes, and I got:

    1. kubeadm join --token pum9dm.3m2y93x9a98j4lvn k8scp:6443 --discovery-token-ca-cert-hash sha256:763941a2426dbd98b41b1daa......a9109a6428
    2. [preflight] Running pre-flight checks
    3. error execution phase preflight: couldn't validate the identity of the API Server: could not find a JWS signature in the cluster-info ConfigMap for token ID "pum9dm"
    4. To see the stack trace of this error execute with --v=5 or higher

    I did steps 12 and 13 again, since the token had to be renewed, and the command is working well now. Thanks!

  • Now, in section 3.3 of the lab, I am seeing that the coredns pods are not running; they remain in a Pending state:

    1. ~$ kubectl get pods --all-namespaces
    2. NAMESPACE NAME READY STATUS RESTARTS AGE
    3. kube-system coredns-6d4b75cb6d-5992r 0/1 Pending 0 42m
    4. kube-system coredns-6d4b75cb6d-g5hhf 0/1 Pending 0 42m
    5.  

    Even after being deleted, the pods are recreated in a Pending status and never run. What can I do to get them into a Running state?

  • Hi @nicocerquera,

    Are these the only two pods that are not in a Running state?

    Before deciding what to do we need to determine what prevents them from reaching the desired Running state. Can you run kubectl -n kube-system describe pod coredns-6d4b75cb6d-5992r and provide the output?

    Regards,
    -Chris

  • Yes, those are the only ones not running; the rest are OK :smile:

    1. kubectl get pods --all-namespaces
    2. NAMESPACE NAME READY STATUS RESTARTS AGE
    3. kube-system coredns-6d4b75cb6d-5992r 0/1 Pending 0 4d3h
    4. kube-system coredns-6d4b75cb6d-g5hhf 0/1 Pending 0 4d3h
    5. kube-system etcd-dev-node128 1/1 Running 0 6d22h
    6. kube-system kube-apiserver-dev-node128 1/1 Running 0 6d22h
    7. kube-system kube-controller-manager-dev-node128 1/1 Running 0 6d22h
    8. kube-system kube-proxy-hqtfx 1/1 Running 0 4d3h
    9. kube-system kube-proxy-lbqcp 1/1 Running 0 6d22h
    10. kube-system kube-scheduler-dev-node128 1/1 Running 0 6d22h

    and, here is the output of what you have asked @chrispokorni

    1. kubectl -n kube-system describe pod coredns-6d4b75cb6d-5992r
    2. Name: coredns-6d4b75cb6d-5992r
    3. Namespace: kube-system
    4. Priority: 2000000000
    5. Priority Class Name: system-cluster-critical
    6. Node: <none>
    7. Labels: k8s-app=kube-dns
    8. pod-template-hash=6d4b75cb6d
    9. Annotations: <none>
    10. Status: Pending
    11. IP:
    12. IPs: <none>
    13. Controlled By: ReplicaSet/coredns-6d4b75cb6d
    14. Containers:
    15. coredns:
    16. Image: k8s.gcr.io/coredns/coredns:v1.8.6
    17. Ports: 53/UDP, 53/TCP, 9153/TCP
    18. Host Ports: 0/UDP, 0/TCP, 0/TCP
    19. Args:
    20. -conf
    21. /etc/coredns/Corefile
    22. Limits:
    23. memory: 170Mi
    24. Requests:
    25. cpu: 100m
    26. memory: 70Mi
    27. Liveness: http-get http://:8080/health delay=60s timeout=5s period=10s #success=1 #failure=5
    28. Readiness: http-get http://:8181/ready delay=0s timeout=1s period=10s #success=1 #failure=3
    29. Environment: <none>
    30. Mounts:
    31. /etc/coredns from config-volume (ro)
    32. /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-t6mkh (ro)
    33. Conditions:
    34. Type Status
    35. PodScheduled False
    36. Volumes:
    37. config-volume:
    38. Type: ConfigMap (a volume populated by a ConfigMap)
    39. Name: coredns
    40. Optional: false
    41. kube-api-access-t6mkh:
    42. Type: Projected (a volume that contains injected data from multiple sources)
    43. TokenExpirationSeconds: 3607
    44. ConfigMapName: kube-root-ca.crt
    45. ConfigMapOptional: <nil>
    46. DownwardAPI: true
    47. QoS Class: Burstable
    48. Node-Selectors: kubernetes.io/os=linux
    49. Tolerations: CriticalAddonsOnly op=Exists
    50. node-role.kubernetes.io/control-plane:NoSchedule
    51. node-role.kubernetes.io/master:NoSchedule
    52. node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
    53. node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
    54. Events:
    55. Type Reason Age From Message
    56. ---- ------ ---- ---- -------
    57. Warning FailedScheduling 3m23s (x1193 over 4d3h) default-scheduler 0/2 nodes are available: 2 node(s) had untolerated taint {node.kubernetes.io/not-ready: }. preemption: 0/2 nodes are available: 2 Preemption is not helpful for scheduling.
  • The warning mentions an 'untolerated taint'.

  • Hi @nicocerquera,

    Please use the solution in the comment linked below to install the calico network plugin in your cluster. If the coredns pods do not reach a running state, please delete them and the controller will automatically recreate them for you.

    https://forum.linuxfoundation.org/discussion/comment/36843/#Comment_36843
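
    Something along these lines should do it (the k8s-app=kube-dns label is taken from your describe output):

    1. kubectl -n kube-system delete pod -l k8s-app=kube-dns
    2. kubectl -n kube-system get pods -w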

    Regards,
    -Chris

  • I have installed the calico file and applied it.

    Now I have the same issue; the coredns pods are in a Pending state:

    1. kubectl get pods --all-namespaces
    2. NAMESPACE NAME READY STATUS RESTARTS AGE
    3. kube-system coredns-6d4b75cb6d-bpgsw 0/1 Pending 0 20m
    4. kube-system coredns-6d4b75cb6d-rbs2q 0/1 Pending 0 20m
    5. kube-system etcd-dev-node128 1/1 Running 1 29m
    6. kube-system kube-apiserver-dev-node128 1/1 Running 1 29m
    7. kube-system kube-controller-manager-dev-node128 1/1 Running 1 29m
    8. kube-system kube-proxy-7t8qg 1/1 Running 0 6m2s
    9. kube-system kube-proxy-cq6t7 1/1 Running 0 28m
    10. kube-system kube-scheduler-dev-node128 1/1 Running 1 29m
    11.  

    Here is a description of one of the pods that is still in the Pending state:

    1. kubectl -n kube-system describe pod coredns-6d4b75cb6d-bpgsw
    2. Name: coredns-6d4b75cb6d-bpgsw
    3. Namespace: kube-system
    4. Priority: 2000000000
    5. Priority Class Name: system-cluster-critical
    6. Node: <none>
    7. Labels: k8s-app=kube-dns
    8. pod-template-hash=6d4b75cb6d
    9. Annotations: <none>
    10. Status: Pending
    11. IP:
    12. IPs: <none>
    13. Controlled By: ReplicaSet/coredns-6d4b75cb6d
    14. Containers:
    15. coredns:
    16. Image: k8s.gcr.io/coredns/coredns:v1.8.6
    17. Ports: 53/UDP, 53/TCP, 9153/TCP
    18. Host Ports: 0/UDP, 0/TCP, 0/TCP
    19. Args:
    20. -conf
    21. /etc/coredns/Corefile
    22. Limits:
    23. memory: 170Mi
    24. Requests:
    25. cpu: 100m
    26. memory: 70Mi
    27. Liveness: http-get http://:8080/health delay=60s timeout=5s period=10s #success=1 #failure=5
    28. Readiness: http-get http://:8181/ready delay=0s timeout=1s period=10s #success=1 #failure=3
    29. Environment: <none>
    30. Mounts:
    31. /etc/coredns from config-volume (ro)
    32. /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-2nxv6 (ro)
    33. Conditions:
    34. Type Status
    35. PodScheduled False
    36. Volumes:
    37. config-volume:
    38. Type: ConfigMap (a volume populated by a ConfigMap)
    39. Name: coredns
    40. Optional: false
    41. kube-api-access-2nxv6:
    42. Type: Projected (a volume that contains injected data from multiple sources)
    43. TokenExpirationSeconds: 3607
    44. ConfigMapName: kube-root-ca.crt
    45. ConfigMapOptional: <nil>
    46. DownwardAPI: true
    47. QoS Class: Burstable
    48. Node-Selectors: kubernetes.io/os=linux
    49. Tolerations: CriticalAddonsOnly op=Exists
    50. node-role.kubernetes.io/control-plane:NoSchedule
    51. node-role.kubernetes.io/master:NoSchedule
    52. node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
    53. node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
    54. Events:
    55. Type Reason Age From Message
    56. ---- ------ ---- ---- -------
    57. Warning FailedScheduling 2m35s default-scheduler 0/2 nodes are available: 2 node(s) had untolerated taint {node.kubernetes.io/not-ready: }. preemption: 0/2 nodes are available: 2 Preemption is not helpful for scheduling.
    58.  

    Maybe it has to do with the untolerated taint warning?

    I have deleted them, and the recreated pods are still in a Pending state.

    Any other tests/ideas to find out why they are not running?

  • Also, I noticed that there are no calico pods in the pod list.

  • Here is the output after I made sure calico.yaml was applied:

    1. kubectl apply -f calico.yaml
    2. configmap/calico-config unchanged
    3. serviceaccount/calico-node unchanged
    4. resource mapping not found for name: "calico-node" namespace: "kube-system" from "calico.yaml": no matches for kind "DaemonSet" in version "extensions/v1beta1"
    5. ensure CRDs are installed first
    6. resource mapping not found for name: "globalfelixconfigs.crd.projectcalico.org" namespace: "" from "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
    7. ensure CRDs are installed first
    8. resource mapping not found for name: "bgppeers.crd.projectcalico.org" namespace: "" from "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
    9. ensure CRDs are installed first
    10. resource mapping not found for name: "globalbgpconfigs.crd.projectcalico.org" namespace: "" from "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
    11. ensure CRDs are installed first
    12. resource mapping not found for name: "ippools.crd.projectcalico.org" namespace: "" from "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
    13. ensure CRDs are installed first
    14. resource mapping not found for name: "globalnetworkpolicies.crd.projectcalico.org" namespace: "" from "calico.yaml": no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
    15. ensure CRDs are installed first

    Maybe it is a version issue? Please let me know.

  • Hi @nicocerquera,

    As recommended earlier, please use the solution in the comment linked below to install the calico network plugin in your cluster (it provides the updated link for the calico.yaml definition file). The coredns pods should become ready once all calico components are successfully installed and operational.

    https://forum.linuxfoundation.org/discussion/comment/36843/#Comment_36843

    Regards,
    -Chris

  • oooookey,

    As mentioned earlier, that was the calico installation file I used; that is why I added the output.

    It is working now. The difference was that the previous calico installation had to be deleted first: before downloading the calico.yaml file from that link, there should be no other calico installation file in place.
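
    In other words, the cleanup sequence is roughly the following (calico-old.yaml is just a placeholder name for the manifest applied earlier; the new calico.yaml is the one downloaded from the link above):

    1. kubectl delete -f calico-old.yaml
    2. kubectl apply -f calico.yaml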

    Thanks!

  • Regarding section 3.4, step 19: when I run the tcpdump command:

    1. sudo tcpdump -i tun10
    2. tcpdump: tun10: No such device exists
    3. (SIOCGIFHWADDR: No such device)

    Any idea why that is the case? Maybe I should use another name.

  • Hi @nicocerquera,

    Any idea why that is the case?, maybe I should use another name

    Yes, most definitely you should use the correct name as it is presented in the lab guide. To help understand the name, I would recommend reading the description of the step as well, where the author breaks down the name of the device:

    to view traffic on the tunl0, as in tunnel zero, interface
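
    So the command for that step would be, with a lowercase letter "l" rather than the digit "1":

    1. sudo tcpdump -i tunl0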

    Regards,
    -Chris

  • I was using "1" instead of "l" in the tunl0 call.

    That part is OK now, but on the next item (step 20) I see that I am not able to access the cluster:

    1. kubectl get svc nginx
    2. NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
    3. nginx ClusterIP 10.101.35.17 <none> 80/TCP 25h
    4.  
    5. 128:~$ kubectl get ep nginx
    6. NAME ENDPOINTS AGE
    7. nginx 192.168.128.72:80 25h
    8.  
    9. 128:~$ curl 10.101.35.17:80
    10. curl: (28) Failed to connect to 10.101.35.17 port 80: Connection timed out
    11.  
    12. 128:~$ curl 192.168.128.72:80
    13. curl: (28) Failed to connect to 192.168.128.72 port 80: Connection timed out

    Can you please guide me on how to get access to the cluster?

    1. kubectl get pods --all-namespaces
    2. NAMESPACE NAME READY STATUS RESTARTS AGE
    3. default nginx-6c8b449b8f-cmc4w 1/1 Running 0 38m
    4. kube-system calico-kube-controllers-55fc758c88-mjr95 1/1 Running 0 27h
    5. kube-system calico-node-92vnk 0/1 Running 0 15s
    6. kube-system calico-node-j9nrz 0/1 Running 0 15s
    7. kube-system coredns-6d4b75cb6d-bpgsw 1/1 Running 0 47h
    8. kube-system coredns-6d4b75cb6d-rbs2q 1/1 Running 0 47h
    9. kube-system etcd-dev-node128 1/1 Running 1 2d
    10. kube-system kube-apiserver-dev-node128 1/1 Running 1 2d
    11. kube-system kube-controller-manager-dev-node128 1/1 Running 1 2d
    12. kube-system kube-proxy-7t8qg 1/1 Running 0 47h
    13. kube-system kube-proxy-cq6t7 1/1 Running 0 2d
    14. kube-system kube-scheduler-dev-node128 1/1 Running 1 2d
  • Hi @nicocerquera,

    I would start by troubleshooting the calico-node pods, more precisely listing the events of these pods. What does the following command display?

    kubectl -n kube-system describe pod calico-node-92vnk

    And, how did you configure your AWS VPC and the SG for your EC2 instances? Did you follow the demo video from the introductory chapter? I would recommend taking a closer look to understand the networking requirements of the lab environment.
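
    A couple of additional checks that may help narrow things down (the pod and container names are taken from your listing):

    1. kubectl get nodes -o wide
    2. kubectl -n kube-system logs calico-node-92vnk -c calico-node --tail=20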

    Regards,
    -Chris

  • Hi Chris,

    Here is the output of the command you suggested, pasted in two parts due to the character limit:

    1. kubectl -n kube-system describe pod calico-node-92vnk
    2. Name: calico-node-92vnk
    3. Namespace: kube-system
    4. Priority: 2000001000
    5. Priority Class Name: system-node-critical
    6. Node: dev-node128/10.163.0.101
    7. Start Time: Thu, 23 Feb 2023 01:51:06 +0000
    8. Labels: controller-revision-hash=574d4d8fcb
    9. k8s-app=calico-node
    10. pod-template-generation=1
    11. Annotations: <none>
    12. Status: Running
    13. IP: 10.163.0.101
    14. IPs:
    15. IP: 10.163.0.101
    16. Controlled By: DaemonSet/calico-node
    17. Init Containers:
    18. upgrade-ipam:
    19. Container ID: containerd://0d62c8a8c3493abedf1a6877081177ddef38f7b6ebe80205a44878dd82c2017e
    20. Image: docker.io/calico/cni:v3.25.0
    21. Image ID: docker.io/calico/cni@sha256:a38d53cb8688944eafede2f0eadc478b1b403cefeff7953da57fe9cd2d65e977
    22. Port: <none>
    23. Host Port: <none>
    24. Command:
    25. /opt/cni/bin/calico-ipam
    26. -upgrade
    27. State: Terminated
    28. Reason: Completed
    29. Exit Code: 0
    30. Started: Thu, 23 Feb 2023 01:51:07 +0000
    31. Finished: Thu, 23 Feb 2023 01:51:07 +0000
    32. Ready: True
    33. Restart Count: 0
    34. Environment Variables from:
    35. kubernetes-services-endpoint ConfigMap Optional: true
    36. Environment:
    37. KUBERNETES_NODE_NAME: (v1:spec.nodeName)
    38. CALICO_NETWORKING_BACKEND: <set to the key 'calico_backend' of config map 'calico-config'> Optional: false
    39. Mounts:
    40. /host/opt/cni/bin from cni-bin-dir (rw)
    41. /var/lib/cni/networks from host-local-net-dir (rw)
    42. /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-xt5gc (ro)
    43. install-cni:
    44. Container ID: containerd://fb463a616118918e15fb7df37e5a9793f72cfdf11b5acc198d827d2e28adc6cc
    45. Image: docker.io/calico/cni:v3.25.0
    46. Image ID: docker.io/calico/cni@sha256:a38d53cb8688944eafede2f0eadc478b1b403cefeff7953da57fe9cd2d65e977
    47. Port: <none>
    48. Host Port: <none>
    49. Command:
    50. /opt/cni/bin/install
    51. State: Terminated
    52. Reason: Completed
    53. Exit Code: 0
    54. Started: Thu, 23 Feb 2023 01:51:08 +0000
    55. Finished: Thu, 23 Feb 2023 01:51:09 +0000
    56. Ready: True
    57. Restart Count: 0
    58. Environment Variables from:
    59. kubernetes-services-endpoint ConfigMap Optional: true
    60. Environment:
    61. CNI_CONF_NAME: 10-calico.conflist
    62. CNI_NETWORK_CONFIG: <set to the key 'cni_network_config' of config map 'calico-config'> Optional: false
    63. KUBERNETES_NODE_NAME: (v1:spec.nodeName)
    64. CNI_MTU: <set to the key 'veth_mtu' of config map 'calico-config'> Optional: false
    65. SLEEP: false
    66. Mounts:
    67. /host/etc/cni/net.d from cni-net-dir (rw)
    68. /host/opt/cni/bin from cni-bin-dir (rw)
    69. /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-xt5gc (ro)
    70. mount-bpffs:
    71. Container ID: containerd://83ee8f9296724122a887b7a243054d84a20faccd87bbbec7c2e002de64685f28
    72. Image: docker.io/calico/node:v3.25.0
    73. Image ID: docker.io/calico/node@sha256:a85123d1882832af6c45b5e289c6bb99820646cb7d4f6006f98095168808b1e6
    74. Port: <none>
    75. Host Port: <none>
    76. Command:
    77. calico-node
    78. -init
    79. -best-effort
    80. State: Terminated
    81. Reason: Completed
    82. Exit Code: 0
    83. Started: Thu, 23 Feb 2023 01:51:10 +0000
    84. Finished: Thu, 23 Feb 2023 01:51:10 +0000
    85. Ready: True
    86. Restart Count: 0
    87. Environment: <none>
    88. Mounts:
    89. /nodeproc from nodeproc (ro)
    90. /sys/fs from sys-fs (rw)
    91. /var/run/calico from var-run-calico (rw)
    92. /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-xt5gc (ro)
    93. Containers:
    94. calico-node:
    95. Container ID: containerd://237ba58b6b9588797d49ee549ab3854212398451a4b4e52d9f23ab68e71ded7d
    96. Image: docker.io/calico/node:v3.25.0
    97. Image ID: docker.io/calico/node@sha256:a85123d1882832af6c45b5e289c6bb99820646cb7d4f6006f98095168808b1e6
    98. Port: <none>
    99. Host Port: <none>
    100. State: Running
    101. Started: Thu, 23 Feb 2023 01:51:11 +0000
    102. Ready: False
    103. Restart Count: 0
    104. Requests:
    105. cpu: 250m
    106. Liveness: exec [/bin/calico-node -felix-live -bird-live] delay=10s timeout=10s period=10s #success=1 #failure=6
    107. Readiness: exec [/bin/calico-node -felix-ready -bird-ready] delay=0s timeout=10s period=10s #success=1 #failure=3
    108. Environment Variables from:
    109. kubernetes-services-endpoint ConfigMap Optional: true
    110. Environment:
    111. DATASTORE_TYPE: kubernetes
    112. WAIT_FOR_DATASTORE: true
    113. NODENAME: (v1:spec.nodeName)
    114. CALICO_NETWORKING_BACKEND: <set to the key 'calico_backend' of config map 'calico-config'> Optional: false
    115. CLUSTER_TYPE: k8s,bgp
    116. IP: autodetect
    117. CALICO_IPV4POOL_IPIP: Always
    118. CALICO_IPV4POOL_VXLAN: Never
    119. CALICO_IPV6POOL_VXLAN: Never
    120. FELIX_IPINIPMTU: <set to the key 'veth_mtu' of config map 'calico-config'> Optional: false
    121. FELIX_VXLANMTU: <set to the key 'veth_mtu' of config map 'calico-config'> Optional: false
    122. FELIX_WIREGUARDMTU: <set to the key 'veth_mtu' of config map 'calico-config'> Optional: false
    123. CALICO_DISABLE_FILE_LOGGING: true
    124. FELIX_DEFAULTENDPOINTTOHOSTACTION: ACCEPT
    125. FELIX_IPV6SUPPORT: false
    126. FELIX_HEALTHENABLED: true
    127. Mounts:
    128. /host/etc/cni/net.d from cni-net-dir (rw)
    129. /lib/modules from lib-modules (ro)
    130. /run/xtables.lock from xtables-lock (rw)
    131. /sys/fs/bpf from bpffs (rw)
    132. /var/lib/calico from var-lib-calico (rw)
    133. /var/log/calico/cni from cni-log-dir (ro)
    134. /var/run/calico from var-run-calico (rw)
    135. /var/run/nodeagent from policysync (rw)
    136. /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-xt5gc (ro)
    137. Conditions:
    138. Type Status
    139. Initialized True
    140. Ready False
    141. ContainersReady False
    142. PodScheduled True
    143. ...

    Regarding the configuration of my nodes, I will review and get back to you. In the meantime, is there a glaring issue you see in this output?

  • Here is the second part:

    1. Volumes:
    2. lib-modules:
    3. Type: HostPath (bare host directory volume)
    4. Path: /lib/modules
    5. HostPathType:
    6. var-run-calico:
    7. Type: HostPath (bare host directory volume)
    8. Path: /var/run/calico
    9. HostPathType:
    10. var-lib-calico:
    11. Type: HostPath (bare host directory volume)
    12. Path: /var/lib/calico
    13. HostPathType:
    14. xtables-lock:
    15. Type: HostPath (bare host directory volume)
    16. Path: /run/xtables.lock
    17. HostPathType: FileOrCreate
    18. sys-fs:
    19. Type: HostPath (bare host directory volume)
    20. Path: /sys/fs/
    21. HostPathType: DirectoryOrCreate
    22. bpffs:
    23. Type: HostPath (bare host directory volume)
    24. Path: /sys/fs/bpf
    25. HostPathType: Directory
    26. nodeproc:
    27. Type: HostPath (bare host directory volume)
    28. Path: /proc
    29. HostPathType:
    30. cni-bin-dir:
    31. Type: HostPath (bare host directory volume)
    32. Path: /opt/cni/bin
    33. HostPathType:
    34. cni-net-dir:
    35. Type: HostPath (bare host directory volume)
    36. Path: /etc/cni/net.d
    37. HostPathType:
    38. cni-log-dir:
    39. Type: HostPath (bare host directory volume)
    40. Path: /var/log/calico/cni
    41. HostPathType:
    42. host-local-net-dir:
    43. Type: HostPath (bare host directory volume)
    44. Path: /var/lib/cni/networks
    45. HostPathType:
    46. policysync:
    47. Type: HostPath (bare host directory volume)
    48. Path: /var/run/nodeagent
    49. HostPathType: DirectoryOrCreate
    50. kube-api-access-xt5gc:
    51. Type: Projected (a volume that contains injected data from multiple sources)
    52. TokenExpirationSeconds: 3607
    53. ConfigMapName: kube-root-ca.crt
    54. ConfigMapOptional: <nil>
    55. DownwardAPI: true
    56. QoS Class: Burstable
    57. Node-Selectors: kubernetes.io/os=linux
    58. Tolerations: :NoSchedule op=Exists
    59. :NoExecute op=Exists
    60. CriticalAddonsOnly op=Exists
    61. node.kubernetes.io/disk-pressure:NoSchedule op=Exists
    62. node.kubernetes.io/memory-pressure:NoSchedule op=Exists
    63. node.kubernetes.io/network-unavailable:NoSchedule op=Exists
    64. node.kubernetes.io/not-ready:NoExecute op=Exists
    65. node.kubernetes.io/pid-pressure:NoSchedule op=Exists
    66. node.kubernetes.io/unreachable:NoExecute op=Exists
    67. node.kubernetes.io/unschedulable:NoSchedule op=Exists
    68. Events:
    69. Type Reason Age From Message
    70. ---- ------ ---- ---- -------
    71. Warning Unhealthy 2m16s (x9027 over 22h) kubelet (combined from similar events): Readiness probe failed: 2023-02-24 00:01:16.841 [INFO][228533] confd/health.go 180: Number of node(s) with BGP peering established = 0
    72. calico/node is not ready: BIRD is not ready: BGP not established with 10.163.0.108
  • Hi @nicocerquera,

    The events point at a possible networking issue, so I'd take a close look at the video titled "Using AWS to Set Up the Lab Environment" from the introductory chapter.
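
    In particular, calico's BGP peering uses TCP port 179, so the security group must allow traffic between the two nodes (the lab setup video recommends allowing all traffic between them). As a quick check from the control plane node (10.163.0.108 is the peer IP reported in the readiness probe message):

    1. nc -vz 10.163.0.108 179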

    Regards,
    -Chris

  • Yeah, I looked at the AWS video and its description matches the setup I have at the moment.

  • Hi @nicocerquera,

    Is the guest OS Ubuntu 20.04 LTS?

    Regards,
    -Chris

  • yes

    1. Distributor ID: Ubuntu
    2. Description: Ubuntu 20.04.5 LTS
    3. Release: 20.04
    4. Codename: focal
  • Is there a way I can share my screen so someone can walk me through my issue? I am stuck here.

    Also, can I continue with the other parts of the course if this lab doesn't work for me? I want to move forward but do not know how to...

  • Hi @nicocerquera,

    Without a properly configured Kubernetes cluster, most of the following lab exercises will produce inconsistent results, or will simply not work at all.

    If enrolled in a boot camp, I encourage you to join the Office Hour session dedicated to the LFS258 course, where the instructor can help you troubleshoot your cluster live. The schedule of boot camp office hours (days of the week and times) and the meeting access links can be found in the Logistics course of your boot camp.

    Regards,
    -Chris

  • Thanks!

    I will attend the boot camp office hour tomorrow.

    Do I have to sign up for the live troubleshooting, or how does the office hour get allocated among multiple participants?

  • Hi @nicocerquera,

    There is no need to sign up in advance.

    Regards,
    -Chris

  • Hi Chris,

    Here is what I got regarding the potential firewall configuration:

    1. There is no vCenter firewall. There is a basic firewall on ESXi host to control connections into and out of the hypervisor (e.g. NFS traffic, ICMP, web traffic on the management UI, etc). There is no vSphere-related product in place to control traffic between guests/VMs.

    Is that basic firewall what may be causing the issue?
