Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

worker node fails to join the multi-master HA cluster #178

Closed
justmeandopensource opened this issue Jul 31, 2021 · 11 comments
Closed

worker node fails to join the multi-master HA cluster #178

justmeandopensource opened this issue Jul 31, 2021 · 11 comments

Comments

@justmeandopensource
Copy link

justmeandopensource commented Jul 31, 2021
edited
Loading

Hi,

I am using VirtualBox virtual machines for this cluster. This is a multi master HA setup. All 3 control planes seem to be configured fine. The worker node fails to join the cluster. This only happens when I use HA setup with HAProxy external load balancer.

Note: On single master multi node setup (1 master, 2 workers), everything works fine.
Here is my k0sctl.yaml

apiVersion: k0sctl.k0sproject.io/v1beta1
kind: Cluster
metadata:
  name: k0s-cluster
spec:
  hosts:
  - ssh:
      address: 172.16.16.101
      user: root
      port: 22
      keyPath: /home/venkatn/.ssh/id_rsa_k0s
    role: controller
    privateInterface: eth1
  - ssh:
      address: 172.16.16.102
      user: root
      port: 22
      keyPath: /home/venkatn/.ssh/id_rsa_k0s
    role: controller
    privateInterface: eth1
  - ssh:
      address: 172.16.16.103
      user: root
      port: 22
      keyPath: /home/venkatn/.ssh/id_rsa_k0s
    role: controller
    privateInterface: eth1
  - ssh:
      address: 172.16.16.104
      user: root
      port: 22
      keyPath: /home/venkatn/.ssh/id_rsa_k0s
    role: worker
    privateInterface: eth1
  k0s:
    version: 1.21.3+k0s.0
    config:
      spec:
        api:
          externalAddress: 172.16.16.105
          sans:
          - 172.16.16.105

Output of k0sctl apply command

❯ k0sctl apply --config k0sctl.yaml

⠀⣿⣿⡇⠀⠀⢀⣴⣾⣿⠟⠁⢸⣿⣿⣿⣿⣿⣿⣿⡿⠛⠁⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀█████████ █████████ ███
⠀⣿⣿⡇⣠⣶⣿⡿⠋⠀⠀⠀⢸⣿⡇⠀⠀⠀⣠⠀⠀⢀⣠⡆⢸⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀███          ███    ███
⠀⣿⣿⣿⣿⣟⠋⠀⠀⠀⠀⠀⢸⣿⡇⠀⢰⣾⣿⠀⠀⣿⣿⡇⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀███          ███    ███
⠀⣿⣿⡏⠻⣿⣷⣤⡀⠀⠀⠀⠸⠛⠁⠀⠸⠋⠁⠀⠀⣿⣿⡇⠈⠉⠉⠉⠉⠉⠉⠉⠉⢹⣿⣿⠀███          ███    ███
⠀⣿⣿⡇⠀⠀⠙⢿⣿⣦⣀⠀⠀⠀⣠⣶⣶⣶⣶⣶⣶⣿⣿⡇⢰⣶⣶⣶⣶⣶⣶⣶⣶⣾⣿⣿⠀█████████    ███    ██████████

k0sctl v0.9.0 Copyright 2021, k0sctl authors.
Anonymized telemetry of usage will be sent to the authors.
By continuing to use k0sctl you agree to these terms:
https://k0sproject.io/licenses/eula
INFO ==> Running phase: Connect to hosts 
INFO [ssh] 172.16.16.104:22: connected            
INFO [ssh] 172.16.16.101:22: connected            
INFO [ssh] 172.16.16.102:22: connected            
INFO [ssh] 172.16.16.103:22: connected            
INFO ==> Running phase: Detect host operating systems 
INFO [ssh] 172.16.16.101:22: is running Ubuntu 20.04.2 LTS 
INFO [ssh] 172.16.16.103:22: is running Ubuntu 20.04.2 LTS 
INFO [ssh] 172.16.16.102:22: is running Ubuntu 20.04.2 LTS 
INFO [ssh] 172.16.16.104:22: is running Ubuntu 20.04.2 LTS 
INFO ==> Running phase: Prepare hosts    
INFO ==> Running phase: Gather host facts 
INFO ==> Running phase: Download k0s on hosts 
INFO [ssh] 172.16.16.101:22: downloading k0s 1.21.3+k0s.0 
INFO [ssh] 172.16.16.103:22: downloading k0s 1.21.3+k0s.0 
INFO [ssh] 172.16.16.102:22: downloading k0s 1.21.3+k0s.0 
INFO [ssh] 172.16.16.104:22: downloading k0s 1.21.3+k0s.0 
INFO ==> Running phase: Validate hosts   
INFO ==> Running phase: Gather k0s facts 
INFO ==> Running phase: Validate facts   
INFO ==> Running phase: Configure k0s    
INFO [ssh] 172.16.16.101:22: validating configuration 
INFO [ssh] 172.16.16.101:22: configuration was changed 
INFO [ssh] 172.16.16.102:22: validating configuration 
INFO [ssh] 172.16.16.102:22: configuration was changed 
INFO [ssh] 172.16.16.103:22: validating configuration 
INFO [ssh] 172.16.16.103:22: configuration was changed 
INFO ==> Running phase: Initialize the k0s cluster 
INFO [ssh] 172.16.16.101:22: installing k0s controller 
INFO [ssh] 172.16.16.101:22: waiting for the k0s service to start 
INFO [ssh] 172.16.16.101:22: waiting for kubernetes api to respond 
INFO ==> Running phase: Install controllers 
INFO [ssh] 172.16.16.101:22: generating token     
INFO [ssh] 172.16.16.102:22: writing join token   
INFO [ssh] 172.16.16.102:22: installing k0s controller 
INFO [ssh] 172.16.16.102:22: starting service     
INFO [ssh] 172.16.16.102:22: waiting for the k0s service to start 
INFO [ssh] 172.16.16.102:22: waiting for kubernetes api to respond 
INFO [ssh] 172.16.16.101:22: generating token     
INFO [ssh] 172.16.16.103:22: writing join token   
INFO [ssh] 172.16.16.103:22: installing k0s controller 
INFO [ssh] 172.16.16.103:22: starting service     
INFO [ssh] 172.16.16.103:22: waiting for the k0s service to start 
INFO [ssh] 172.16.16.103:22: waiting for kubernetes api to respond 
INFO ==> Running phase: Install workers  
INFO [ssh] 172.16.16.101:22: generating token     
INFO [ssh] 172.16.16.104:22: writing join token   
INFO [ssh] 172.16.16.104:22: installing k0s worker 
INFO [ssh] 172.16.16.104:22: starting service     
INFO [ssh] 172.16.16.104:22: waiting for node to become ready
ERRO apply failed - log file saved to /home/venkatn/.k0sctl/cache/k0sctl.log 
FATA failed on 1 hosts:
 - [ssh] 172.16.16.104:22: All attempts fail:
#1: failed to parse status from kubectl output
#2: failed to parse status from kubectl output
#3: failed to parse status from kubectl output

Log entries from k0sworker service on the failing VM (172.16.16.104)

root@ubuntuvm4:~# journalctl -flu k0sworker
-- Logs begin at Sat 2021-07-31 13:55:49 UTC. --
Jul 31 15:42:46 ubuntuvm4 k0s[2035]: time="2021-07-31 15:42:46" level=info msg="time=\"2021-07-31T15:42:46.939826765Z\" level=info msg=\"loading plugin \\\"io.containerd.grpc
.v1.tasks\\\"...\" type=io.containerd.grpc.v1" component=containerd
Jul 31 15:42:46 ubuntuvm4 k0s[2035]: time="2021-07-31 15:42:46" level=info msg="time=\"2021-07-31T15:42:46.939838849Z\" level=info msg=\"loading plugin \\\"io.containerd.grpc
.v1.version\\\"...\" type=io.containerd.grpc.v1" component=containerd
Jul 31 15:42:46 ubuntuvm4 k0s[2035]: time="2021-07-31 15:42:46" level=info msg="time=\"2021-07-31T15:42:46.939848243Z\" level=info msg=\"loading plugin \\\"io.containerd.grpc
.v1.cri\\\"...\" type=io.containerd.grpc.v1" component=containerd
Jul 31 15:42:46 ubuntuvm4 k0s[2035]: time="2021-07-31 15:42:46" level=info msg="time=\"2021-07-31T15:42:46.939924834Z\" level=info msg=\"Start cri plugin with config {PluginC
onfig:{ContainerdConfig:{Snapshotter:overlayfs DefaultRuntimeName:runc DefaultRuntime:{Type: Engine: PodAnnotations:[] ContainerAnnotations:[] Root: Options:<nil> PrivilegedW
ithoutHostDevices:false BaseRuntimeSpec:} UntrustedWorkloadRuntime:{Type: Engine: PodAnnotations:[] ContainerAnnotations:[] Root: Options:<nil> PrivilegedWithoutHostDevices:f
alse BaseRuntimeSpec:} Runtimes:map[runc:{Type:io.containerd.runc.v2 Engine: PodAnnotations:[] ContainerAnnotations:[] Root: Options:0xc00034ef60 PrivilegedWithoutHostDevices
:false BaseRuntimeSpec:}] NoPivot:false DisableSnapshotAnnotations:true DiscardUnpackedLayers:false} CniConfig:{NetworkPluginBinDir:/opt/cni/bin NetworkPluginConfDir:/etc/cni
/net.d NetworkPluginMaxConfNum:1 NetworkPluginConfTemplate:} Registry:{Mirrors:map[docker.io:{Endpoints:[https://registry-1.docker.io]}] Configs:map[] Auths:map[] Headers:map
[]} ImageDecryption:{KeyModel:} DisableTCPService:true StreamServerAddress:127.0.0.1 StreamServerPort:0 StreamIdleTimeout:4h0m0s EnableSelinux:false SelinuxCategoryRange:1024
 SandboxImage:k8s.gcr.io/pause:3.2 StatsCollectPeriod:10 SystemdCgroup:false EnableTLSStreaming:false X509KeyPairStreaming:{TLSCertFile: TLSKeyFile:} MaxContainerLogLineSize:
16384 DisableCgroup:false DisableApparmor:false RestrictOOMScoreAdj:false MaxConcurrentDownloads:3 DisableProcMount:false UnsetSeccompProfile: TolerateMissingHugetlbControlle
r:true DisableHugetlbController:true IgnoreImageDefinedVolumes:false} ContainerdRootDir:/var/lib/k0s/containerd ContainerdEndpoint:/run/k0s/containerd.sock RootDir:/var/lib/k
0s/containerd/io.containerd.grpc.v1.cri StateDir:/run/k0s/containerd/io.containerd.grpc.v1.cri}\"" component=containerd
Jul 31 15:42:46 ubuntuvm4 k0s[2035]: time="2021-07-31 15:42:46" level=info msg="time=\"2021-07-31T15:42:46.939968902Z\" level=info msg=\"Connect containerd service\"" compone
nt=containerd
Jul 31 15:42:46 ubuntuvm4 k0s[2035]: time="2021-07-31 15:42:46" level=info msg="time=\"2021-07-31T15:42:46.940022238Z\" level=info msg=\"Get image filesystem path \\\"/var/li
b/k0s/containerd/io.containerd.snapshotter.v1.overlayfs\\\"\"" component=containerd
Jul 31 15:42:46 ubuntuvm4 k0s[2035]: time="2021-07-31 15:42:46" level=info msg="time=\"2021-07-31T15:42:46.941283261Z\" level=error msg=\"failed to load cni during init, plea
se check CRI plugin status before setting up network for pods\" error=\"cni config load failed: no network config found in /etc/cni/net.d: cni plugin not initialized: failed 
to load cni config\"" component=containerd
Jul 31 15:42:46 ubuntuvm4 k0s[2035]: time="2021-07-31 15:42:46" level=info msg="time=\"2021-07-31T15:42:46.941312951Z\" level=info msg=\"loading plugin \\\"io.containerd.grpc
.v1.introspection\\\"...\" type=io.containerd.grpc.v1" component=containerd
Jul 31 15:42:46 ubuntuvm4 k0s[2035]: time="2021-07-31 15:42:46" level=info msg="time=\"2021-07-31T15:42:46.941514519Z\" level=info msg=serving... address=/run/k0s/containerd.
sock.ttrpc" component=containerd
...
...
Jul 31 14:49:49 ubuntuvm4 k0s[1473]: time="2021-07-31 14:49:49" level=info msg="time=\"2021-07-31T14:49:49.228270349Z\" level=info msg=\"Start cni network conf syncer\"" component=containerd
Jul 31 14:49:49 ubuntuvm4 k0s[1473]: time="2021-07-31 14:49:49" level=info msg="time=\"2021-07-31T14:49:49.228293607Z\" level=info msg=\"Start streaming server\"" component=containerd
Jul 31 14:49:49 ubuntuvm4 k0s[1473]: time="2021-07-31 14:49:49" level=info msg="starting OCIBundleReconciler"
Jul 31 14:49:49 ubuntuvm4 k0s[1473]: time="2021-07-31 14:49:49" level=info msg="starting Kubelet"
Jul 31 14:49:49 ubuntuvm4 k0s[1473]: time="2021-07-31 14:49:49" level=info msg="Starting kubelet"
Jul 31 14:49:49 ubuntuvm4 k0s[1473]: time="2021-07-31 14:49:49" level=info msg="detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: /run/systemd/resolve/resolv.conf"
Jul 31 14:49:49 ubuntuvm4 k0s[1473]: time="2021-07-31 14:49:49" level=info msg="starting kubelet with args: map[--bootstrap-kubeconfig:/var/lib/k0s/kubelet-bootstrap.conf --cert-dir:/var/lib/k0s/kubelet/pki --cgroups-per-qos:true --config:/var/lib/k0s/kubelet-config.yaml --container-runtime:remote --container-runtime-endpoint:unix:///run/k0s/containerd.sock --containerd:/run/k0s/containerd.sock --kube-reserved-cgroup:system.slice --kubeconfig:/var/lib/k0s/kubelet.conf --kubelet-cgroups:/system.slice/containerd.service --resolv-conf:/run/systemd/resolve/resolv.conf --root-dir:/var/lib/k0s/kubelet --runtime-cgroups:/system.slice/containerd.service --v:1]"
Jul 31 14:49:49 ubuntuvm4 k0s[1473]: time="2021-07-31 14:49:49" level=warning msg="failed to get initial kubelet config with join token: failed to get kubelet config from API: Unauthorized"
Jul 31 14:49:49 ubuntuvm4 k0s[1473]: time="2021-07-31 14:49:49" level=warning msg="failed to get initial kubelet config with join token: failed to get kubelet config from API: Unauthorized"
Jul 31 14:49:50 ubuntuvm4 k0s[1473]: time="2021-07-31 14:49:50" level=warning msg="failed to get initial kubelet config with join token: failed to get kubelet config from API: Unauthorized"
..
..
Jul 31 15:53:28 ubuntuvm4 k0s[2035]: time="2021-07-31 15:53:28" level=info msg="E0731 15:53:28.174201    2346 kubelet.go:2291] \"Error getting node\" err=\"node \\\"ubuntuvm4\\\" not found\"" component=kubelet
Jul 31 15:53:28 ubuntuvm4 k0s[2035]: time="2021-07-31 15:53:28" level=info msg="E0731 15:53:28.274464    2346 kubelet.go:2291] \"Error getting node\" err=\"node \\\"ubuntuvm4\\\" not found\"" component=kubelet
Jul 31 15:53:28 ubuntuvm4 k0s[2035]: time="2021-07-31 15:53:28" level=info msg="E0731 15:53:28.297123    2346 kubelet.go:2211] \"Container runtime network not ready\" networkReady=\"NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: cni plugin not initialized\"" component=kubelet
Jul 31 15:53:28 ubuntuvm4 k0s[2035]: time="2021-07-31 15:53:28" level=info msg="E0731 15:53:28.375433    2346 kubelet.go:2291] \"Error getting node\" err=\"node \\\"ubuntuvm4\\\" not found\"" component=kubelet
Jul 31 15:53:28 ubuntuvm4 k0s[2035]: time="2021-07-31 15:53:28" level=info msg="E0731 15:53:28.476617    2346 kubelet.go:2291] \"Error getting node\" err=\"node \\\"ubuntuvm4\\\" not found\"" component=kubelet
Jul 31 15:53:28 ubuntuvm4 k0s[2035]: time="2021-07-31 15:53:28" level=info msg="E0731 15:53:28.577625    2346 kubelet.go:2291] \"Error getting node\" err=\"node \\\"ubuntuvm4\\\" not found\"" component=kubelet

more errors in k0sworker service

Jul 31 15:47:02 ubuntuvm4 k0s[2035]: time="2021-07-31 15:47:02" level=info msg="E0731 15:47:02.913854    2184 certificate_manager.go:437] Failed while requesting a signed cer
tificate from the master: cannot create certificate signing request: Unauthorized" component=kubelet
Jul 31 15:47:05 ubuntuvm4 k0s[2035]: time="2021-07-31 15:47:05" level=info msg="E0731 15:47:05.086409    2184 certificate_manager.go:437] Failed while requesting a signed cer
tificate from the master: cannot create certificate signing request: Unauthorized" component=kubelet
Jul 31 15:47:07 ubuntuvm4 k0s[2035]: time="2021-07-31 15:47:07" level=info msg="E0731 15:47:07.944422    2184 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Fai
led to watch *v1.CSIDriver: failed to list *v1.CSIDriver: Unauthorized" component=kubelet
Jul 31 15:47:07 ubuntuvm4 k0s[2035]: time="2021-07-31 15:47:07" level=info msg="E0731 15:47:07.947137    2184 cri_stats_provider.go:369] \"Failed to get the info of the files
ystem with mountpoint\" err=\"unable to find data in memory cache\" mountpoint=\"/var/lib/k0s/containerd/io.containerd.snapshotter.v1.overlayfs\"" component=kubelet
Jul 31 15:47:07 ubuntuvm4 k0s[2035]: time="2021-07-31 15:47:07" level=info msg="E0731 15:47:07.947364    2184 kubelet.go:1306] \"Image garbage collection failed once. Stats i
nitialization may not have completed yet\" err=\"invalid capacity 0 on image filesystem\"" component=kubelet
Jul 31 15:47:07 ubuntuvm4 k0s[2035]: time="2021-07-31 15:47:07" level=info msg="E0731 15:47:07.947558    2184 kubelet.go:2211] \"Container runtime network not ready\" network
Ready=\"NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: cni plugin not initialized\"" component=kubelet
Jul 31 15:47:07 ubuntuvm4 k0s[2035]: time="2021-07-31 15:47:07" level=info msg="E0731 15:47:07.968048    2184 controller.go:144] failed to ensure lease exists, will retry in 
200ms, error: Unauthorized" component=kubelet
Jul 31 15:47:07 ubuntuvm4 k0s[2035]: time="2021-07-31 15:47:07" level=info msg="E0731 15:47:07.977876    2184 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Fai
led to watch *v1.Node: failed to list *v1.Node: Unauthorized" component=kubelet
Jul 31 15:47:08 ubuntuvm4 k0s[2035]: time="2021-07-31 15:47:08" level=info msg="E0731 15:47:07.982531    2184 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Fai
led to watch *v1.Service: failed to list *v1.Service: Unauthorized" component=kubelet
Jul 31 15:47:08 ubuntuvm4 k0s[2035]: time="2021-07-31 15:47:08" level=info msg="E0731 15:47:07.982609    2184 event.go:264] Server rejected event '&v1.Event{TypeMeta:v1.TypeM
eta{Kind:\"\", APIVersion:\"\"}, ObjectMeta:v1.ObjectMeta{Name:\"ubuntuvm4.1696eac083e9ef6a\", GenerateName:\"\", Namespace:\"default\", SelfLink:\"\", UID:\"\", ResourceVers
ion:\"\", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(
*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ClusterName:\"\", Managed
Fields:[]v1.ManagedFieldsEntry(nil)}, InvolvedObject:v1.ObjectReference{Kind:\"Node\", Namespace:\"\", Name:\"ubuntuvm4\", UID:\"ubuntuvm4\", APIVersion:\"\", ResourceVersion
:\"\", FieldPath:\"\"}, Reason:\"Starting\", Message:\"Starting kubelet.\", Source:v1.EventSource{Component:\"kubelet\", Host:\"ubuntuvm4\"}, FirstTimestamp:v1.Time{Time:time
.Time{wall:0xc03979fef62ae16a, ext:5155526051, loc:(*time.Location)(0x403e7c0)}}, LastTimestamp:v1.Time{Time:time.Time{wall:0xc03979fef62ae16a, ext:5155526051, loc:(*time.Loc
ation)(0x403e7c0)}}, Count:1, Type:\"Normal\", EventTime:v1.MicroTime{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, Series:(*v1.EventSeries)(nil), Action:\"\",
 Related:(*v1.ObjectReference)(nil), ReportingController:\"\", ReportingInstance:\"\"}': 'Unauthorized' (will not retry!)" component=kubelet
Jul 31 15:47:08 ubuntuvm4 k0s[2035]: time="2021-07-31 15:47:08" level=info msg="E0731 15:47:08.042425    2184 event.go:264] Server rejected event '&v1.Event{TypeMeta:v1.TypeM
eta{Kind:\"\", APIVersion:\"\"}, ObjectMeta:v1.ObjectMeta{Name:\"ubuntuvm4.1696eac086367484\", GenerateName:\"\", Namespace:\"default\", SelfLink:\"\", UID:\"\", ResourceVers
ion:\"\", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(
*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ClusterName:\"\", Managed
Fields:[]v1.ManagedFieldsEntry(nil)}, InvolvedObject:v1.ObjectReference{Kind:\"Node\", Namespace:\"\", Name:\"ubuntuvm4\", UID:\"ubuntuvm4\", APIVersion:\"\", ResourceVersion
:\"\", FieldPath:\"\"}, Reason:\"InvalidDiskCapacity\", Message:\"invalid capacity 0 on image filesystem\", Source:v1.EventSource{Component:\"kubelet\", Host:\"ubuntuvm4\"}, 
FirstTimestamp:v1.Time{Time:time.Time{wall:0xc03979fef8776684, ext:5194095291, loc:(*time.Location)(0x403e7c0)}}, LastTimestamp:v1.Time{Time:time.Time{wall:0xc03979fef8776684
, ext:5194095291, loc:(*time.Location)(0x403e7c0)}}, Count:1, Type:\"Warning\", EventTime:v1.MicroTime{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, Series:(*v
1.EventSeries)(nil), Action:\"\", Related:(*v1.ObjectReference)(nil), ReportingController:\"\", ReportingInstance:\"\"}': 'Unauthorized' (will not retry!)" component=kubelet
Jul 31 15:47:08 ubuntuvm4 k0s[2035]: time="2021-07-31 15:47:08" level=info msg="E0731 15:47:08.044685    2184 kubelet.go:2291] \"Error getting node\" err=\"node \\\"ubuntuvm4
\\\" not found\"" component=kubelet
Jul 31 15:47:08 ubuntuvm4 k0s[2035]: time="2021-07-31 15:47:08" level=info msg="E0731 15:47:08.048804    2184 event.go:264] Server rejected event '&v1.Event{TypeMeta:v1.TypeM
eta{Kind:\"\", APIVersion:\"\"}, ObjectMeta:v1.ObjectMeta{Name:\"ubuntuvm4.1696eac08c0ff81a\", GenerateName:\"\", Namespace:\"default\", SelfLink:\"\", UID:\"\", ResourceVers
ion:\"\", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(
*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ClusterName:\"\", Managed
Fields:[]v1.ManagedFieldsEntry(nil)}, InvolvedObject:v1.ObjectReference{Kind:\"Node\", Namespace:\"\", Name:\"ubuntuvm4\", UID:\"ubuntuvm4\", APIVersion:\"\", ResourceVersion
:\"\", FieldPath:\"\"}, Reason:\"NodeHasSufficientMemory\", Message:\"Node ubuntuvm4 status is now: NodeHasSufficientMemory\", Source:v1.EventSource{Component:\"kubelet\", Ho
st:\"ubuntuvm4\"}, FirstTimestamp:v1.Time{Time:time.Time{wall:0xc03979ff02b6201a, ext:5292236369, loc:(*time.Location)(0x403e7c0)}}, LastTimestamp:v1.Time{Time:time.Time{wall
:0xc03979ff02b6201a, ext:5292236369, loc:(*time.Location)(0x403e7c0)}}, Count:1, Type:\"Normal\", EventTime:v1.MicroTime{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(
nil)}}, Series:(*v1.EventSeries)(nil), Action:\"\", Related:(*v1.ObjectReference)(nil), ReportingController:\"\", ReportingInstance:\"\"}': 'Unauthorized' (will not retry!)" 
component=kubelet

Thanks,
Venkat
@justmeandopensource justmeandopensource changed the title worker node fails to join the cluster worker node fails to join the multi-master HA cluster Jul 31, 2021
@kke kke mentioned this issue Aug 5, 2021
Merged
@darktempla
Copy link

darktempla commented Aug 12, 2021
edited
Loading

I am having similar issues.
I am not 100% certain but suspect that the issue is k0sctl is detecting the wrong network interface during installation.

I had a similar issue with k3s running on virtualbox nodes and setting the interface to eth1 instead of the default eth0 fixed that. Is there a way in the k0sctl configuration to override auto-detection and tell it what interface to use? I couldn't find anything.

INFO ==> Running phase: Gather host facts 
INFO [ssh] 192.100.0.41:22: discovered eth0 as private interface 
INFO [ssh] 192.100.0.41:22: discovered 10.0.2.15 as private address

As you can see Virtualbox (vagrant) sets up a NAT and Bridge when setting up a public network configuration.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 84714sec preferred_lft 84714sec
    inet6 fe80::a00:27ff:fe8d:c04d/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.100.0.41/24 brd 192.100.0.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe35:dd15/64 scope link 
       valid_lft forever preferred_lft forever

@jnummelin
Copy link
Member

@justmeandopensource Could you check the token file that is has proper address set in the worker nodes. IIRC it's at /etc/k0s/k0stoken. You can "decode" it by e.g. cat /etc/k0s/k0stoken | base64 -d | gunzip. Check that the address is set properly to the externalAddress.

@jnummelin
Copy link
Member

@darktempla no sure what you mean by this:

Is there a way in the k0sctl configuration to override auto-detection and tell it what interface to use?

All of the components that do listen for external traffic (e.g. kube-api) does actually listen on 0.0.0.0 so those should be accessible by any IP the node has. There is host.privateInterface key to set the interface/address k0s uses to setup e.g. etcd peering between the nodes.

@darktempla
Copy link

darktempla commented Aug 17, 2021
edited
Loading

@jnummelin - Your correct there is a privateInterface: eth1 override which I failed to see in the documentation. This fixed my issue. Thanks for your comments this helped with my issue.

I have created the following gist in-case others would like to follow my example of testing k0s out on a 2 node (1 master, 1 worker) Vagrant Virtualbox VMs.

https://gist.github.com/darktempla/439d04a5da67748e99ca7c4fd9e87994

@jnummelin
Copy link
Member

Based on last comments I believe this is solved.

@viktormohl
Copy link

viktormohl commented Oct 11, 2021
edited
Loading

Unfortunately it still does not work, here is the setup.

k0sclt-multi.yaml

apiVersion: k0sctl.k0sproject.io/v1beta1
kind: Cluster
metadata:
  name: k0s-cluster
spec:
  hosts:
  - ssh:
      address: 172.16.16.101
      user: root
      port: 22
      keyPath: /home/urdeath/.ssh/id-rsa-k0s
    role: controller
    privateInterface: eth1
  - ssh:
      address: 172.16.16.102
      user: root
      port: 22
      keyPath: /home/urdeath/.ssh/id-rsa-k0s
    role: controller
    privateInterface: eth1
  - ssh:
      address: 172.16.16.103
      user: root
      port: 22
      keyPath: /home/urdeath/.ssh/id-rsa-k0s
    role: controller
    privateInterface: eth1
  - ssh:
      address: 172.16.16.104
      user: root
      port: 22
      keyPath: /home/urdeath/.ssh/id-rsa-k0s
    role: worker
    privateInterface: eth1
  - ssh:
      address: 172.16.16.105
      user: root
      port: 22
      keyPath: /home/urdeath/.ssh/id-rsa-k0s
    role: worker
    privateInterface: eth1
  k0s:
    version: 1.21.2+k0s.1
    config:
      spec:
        api:
          externalAddress: 172.16.16.106
          sans:
          - 172.16.16.106

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

ENV['VAGRANT_NO_PARALLEL'] = 'yes'

Vagrant.configure(2) do |config|

  config.vm.provision "shell", path: "bootstrap.sh"

  NodeCount = 6

  (1..NodeCount).each do |i|

    config.vm.define "debian11-vm#{i}" do |node|

      node.vm.box               = "generic/debian11"
      node.vm.box_check_update  = false
      node.vm.box_version       = "3.4.2"
      node.vm.hostname          = "debian11-vm#{i}.develop.local"

      node.vm.network "private_network", ip: "172.16.16.10#{i}"

      node.vm.provider :virtualbox do |v|
        v.name    = "debian11-vm#{i}"
        v.memory  = 2048
        v.cpus    = 1
      end
    end
  end
end

urdeath@urdeath-pc:~/k8s$ k0sctl apply --config /home/urdeath/k8s/k0sclt-multi.yaml

⠀⣿⣿⡇⠀⠀⢀⣴⣾⣿⠟⠁⢸⣿⣿⣿⣿⣿⣿⣿⡿⠛⠁⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀█████████ █████████ ███
⠀⣿⣿⡇⣠⣶⣿⡿⠋⠀⠀⠀⢸⣿⡇⠀⠀⠀⣠⠀⠀⢀⣠⡆⢸⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀███          ███    ███
⠀⣿⣿⣿⣿⣟⠋⠀⠀⠀⠀⠀⢸⣿⡇⠀⢰⣾⣿⠀⠀⣿⣿⡇⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀███          ███    ███
⠀⣿⣿⡏⠻⣿⣷⣤⡀⠀⠀⠀⠸⠛⠁⠀⠸⠋⠁⠀⠀⣿⣿⡇⠈⠉⠉⠉⠉⠉⠉⠉⠉⢹⣿⣿⠀███          ███    ███
⠀⣿⣿⡇⠀⠀⠙⢿⣿⣦⣀⠀⠀⠀⣠⣶⣶⣶⣶⣶⣶⣿⣿⡇⢰⣶⣶⣶⣶⣶⣶⣶⣶⣾⣿⣿⠀█████████    ███    ██████████

k0sctl v0.10.4 Copyright 2021, k0sctl authors.
Anonymized telemetry of usage will be sent to the authors.
By continuing to use k0sctl you agree to these terms:
https://k0sproject.io/licenses/eula
INFO ==> Running phase: Connect to hosts 
INFO [ssh] 172.16.16.101:22: connected            
INFO [ssh] 172.16.16.105:22: connected            
INFO [ssh] 172.16.16.103:22: connected            
INFO [ssh] 172.16.16.102:22: connected            
INFO [ssh] 172.16.16.104:22: connected            
INFO ==> Running phase: Detect host operating systems 
INFO [ssh] 172.16.16.103:22: is running Debian GNU/Linux 11 (bullseye) 
INFO [ssh] 172.16.16.105:22: is running Debian GNU/Linux 11 (bullseye) 
INFO [ssh] 172.16.16.102:22: is running Debian GNU/Linux 11 (bullseye) 
INFO [ssh] 172.16.16.101:22: is running Debian GNU/Linux 11 (bullseye) 
INFO [ssh] 172.16.16.104:22: is running Debian GNU/Linux 11 (bullseye) 
INFO ==> Running phase: Prepare hosts    
INFO [ssh] 172.16.16.104:22: installing packages (iptables) 
INFO [ssh] 172.16.16.105:22: installing packages (iptables) 
INFO ==> Running phase: Gather host facts 
INFO ==> Running phase: Validate hosts   
INFO ==> Running phase: Gather k0s facts 
INFO ==> Running phase: Validate facts   
INFO ==> Running phase: Download k0s on hosts 
INFO [ssh] 172.16.16.101:22: downloading k0s 1.21.2+k0s.1 
INFO [ssh] 172.16.16.103:22: downloading k0s 1.21.2+k0s.1 
INFO [ssh] 172.16.16.104:22: downloading k0s 1.21.2+k0s.1 
INFO [ssh] 172.16.16.105:22: downloading k0s 1.21.2+k0s.1 
INFO [ssh] 172.16.16.102:22: downloading k0s 1.21.2+k0s.1 
INFO ==> Running phase: Configure k0s    
INFO [ssh] 172.16.16.103:22: validating configuration 
INFO [ssh] 172.16.16.101:22: validating configuration 
INFO [ssh] 172.16.16.102:22: validating configuration 
INFO [ssh] 172.16.16.103:22: configuration was changed 
INFO [ssh] 172.16.16.101:22: configuration was changed 
INFO [ssh] 172.16.16.102:22: configuration was changed 
INFO ==> Running phase: Initialize the k0s cluster 
INFO [ssh] 172.16.16.101:22: installing k0s controller 
INFO [ssh] 172.16.16.101:22: waiting for the k0s service to start 
INFO [ssh] 172.16.16.101:22: waiting for kubernetes api to respond 
INFO ==> Running phase: Install controllers 
INFO [ssh] 172.16.16.101:22: generating token     
INFO [ssh] 172.16.16.102:22: writing join token   
INFO [ssh] 172.16.16.102:22: installing k0s controller 
INFO [ssh] 172.16.16.102:22: starting service     
INFO [ssh] 172.16.16.102:22: waiting for the k0s service to start 
INFO [ssh] 172.16.16.102:22: waiting for kubernetes api to respond 
INFO [ssh] 172.16.16.101:22: generating token     
INFO [ssh] 172.16.16.103:22: writing join token   
INFO [ssh] 172.16.16.103:22: installing k0s controller 
INFO [ssh] 172.16.16.103:22: starting service     
INFO [ssh] 172.16.16.103:22: waiting for the k0s service to start 
INFO [ssh] 172.16.16.103:22: waiting for kubernetes api to respond 
INFO ==> Running phase: Install workers  
INFO [ssh] 172.16.16.104:22: validating api connection to https://172.16.16.106:6443 
INFO [ssh] 172.16.16.105:22: validating api connection to https://172.16.16.106:6443 
INFO [ssh] 172.16.16.101:22: generating token     
INFO [ssh] 172.16.16.104:22: writing join token   
INFO [ssh] 172.16.16.105:22: writing join token   
INFO [ssh] 172.16.16.105:22: installing k0s worker 
INFO [ssh] 172.16.16.104:22: installing k0s worker 
INFO [ssh] 172.16.16.105:22: starting service     
INFO [ssh] 172.16.16.104:22: starting service     
INFO [ssh] 172.16.16.105:22: waiting for node to become ready 
INFO [ssh] 172.16.16.104:22: waiting for node to become ready 
INFO * Running clean-up for phase: Initialize the k0s cluster 
INFO * Running clean-up for phase: Install controllers 
INFO * Running clean-up for phase: Install workers 
ERRO apply failed - log file saved to /home/urdeath/.k0sctl/cache/k0sctl.log 
FATA failed on 2 hosts:
 - [ssh] 172.16.16.105:22: [ssh] 172.16.16.101:22: node debian11-vm5 status not reported as ready
 - [ssh] 172.16.16.104:22: [ssh] 172.16.16.101:22: node debian11-vm4 status not reported as ready

haproxy-config

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        log     global
        mode    tcp
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend kubeAPI
    bind :6443
    default_backend kubeAPI_backend
frontend konnectivity
    bind :8132
    default_backend konnectivity_backend
frontend controllerJoinAPI
    bind :9443
    default_backend controllerJoinAPI_backend

backend kubeAPI_backend
    server k0s-controller1 172.16.16.101:6443 check check-ssl verify none
    server k0s-controller2 172.16.16.102:6443 check check-ssl verify none
    server k0s-controller3 172.16.16.103:6443 check check-ssl verify none
backend konnectivity_backend
    server k0s-controller1 172.16.16.101:8132 check check-ssl verify none
    server k0s-controller2 172.16.16.102:8132 check check-ssl verify none
    server k0s-controller3 172.16.16.103:8132 check check-ssl verify none
backend controllerJoinAPI_backend
    server k0s-controller1 172.16.16.101:9443 check check-ssl verify none
    server k0s-controller2 172.16.16.102:9443 check check-ssl verify none
    server k0s-controller3 172.16.16.103:9443 check check-ssl verify none

listen stats
   bind *:9000
   mode http
   stats enable
   stats uri /


root@debian11-vm6:~# haproxy -v
HA-Proxy version 2.2.9-2+deb11u2 2021/09/05 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2025.
Known bugs: http://www.haproxy.org/bugs/bugs-2.2.9.html
Running on: Linux 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64

root@debian11-vm6:~# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8132            0.0.0.0:*               LISTEN      3615/haproxy        
tcp        0      0 0.0.0.0:9000            0.0.0.0:*               LISTEN      3615/haproxy        
tcp        0      0 0.0.0.0:6443            0.0.0.0:*               LISTEN      3615/haproxy        
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      442/memcached       
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1203/sshd: /usr/sbi 
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1679/master         
tcp        0      0 0.0.0.0:9443            0.0.0.0:*               LISTEN      3615/haproxy        
tcp6       0      0 :::22                   :::*                    LISTEN      1203/sshd: /usr/sbi 
tcp6       0      0 :::25                   :::*                    LISTEN      1679/master

/home/urdeath/.k0sctl/cache/k0sctl.log

[...]
time="11 Oct 21 21:08 CEST" level=debug msg="[ssh] 172.16.16.101:22: executing `/usr/local/bin/k0s kubectl --kubeconfig \"/var/lib/k0s/pki/admin.conf\" get node -l kubernetes.io/hostname=debian11-vm5 -o json`"
time="11 Oct 21 21:08 CEST" level=debug msg="[ssh] 172.16.16.105:22: failed to find Ready=True state in kubectl output"
time="11 Oct 21 21:08 CEST" level=debug msg="[ssh] 172.16.16.101:22: executing `/usr/local/bin/k0s kubectl --kubeconfig \"/var/lib/k0s/pki/admin.conf\" get node -l kubernetes.io/hostname=debian11-vm4 -o json`"
time="11 Oct 21 21:08 CEST" level=debug msg="[ssh] 172.16.16.104:22: failed to find Ready=True state in kubectl output"
time="11 Oct 21 21:08 CEST" level=debug msg="[ssh] 172.16.16.101:22: executing `/usr/local/bin/k0s kubectl --kubeconfig \"/var/lib/k0s/pki/admin.conf\" get node -l kubernetes.io/hostname=debian11-vm5 -o json`"
time="11 Oct 21 21:08 CEST" level=debug msg="[ssh] 172.16.16.105:22: failed to find Ready=True state in kubectl output"
time="11 Oct 21 21:08 CEST" level=debug msg="[ssh] 172.16.16.101:22: executing `/usr/local/bin/k0s kubectl --kubeconfig \"/var/lib/k0s/pki/admin.conf\" get node -l kubernetes.io/hostname=debian11-vm4 -o json`"
time="11 Oct 21 21:08 CEST" level=debug msg="[ssh] 172.16.16.104:22: failed to find Ready=True state in kubectl output"
time="11 Oct 21 21:08 CEST" level=debug msg="[ssh] 172.16.16.101:22: executing `/usr/local/bin/k0s kubectl --kubeconfig \"/var/lib/k0s/pki/admin.conf\" get node -l kubernetes.io/hostname=debian11-vm5 -o json`"
time="11 Oct 21 21:08 CEST" level=debug msg="[ssh] 172.16.16.105:22: failed to find Ready=True state in kubectl output"
time="11 Oct 21 21:08 CEST" level=debug msg="[ssh] 172.16.16.101:22: executing `/usr/local/bin/k0s kubectl --kubeconfig \"/var/lib/k0s/pki/admin.conf\" get node -l kubernetes.io/hostname=debian11-vm4 -o json`"
time="11 Oct 21 21:08 CEST" level=debug msg="[ssh] 172.16.16.104:22: failed to find Ready=True state in kubectl output"
time="11 Oct 21 21:08 CEST" level=info msg="\x1b[31m* Running clean-up for phase: Initialize the k0s cluster\x1b[0m"
time="11 Oct 21 21:08 CEST" level=info msg="\x1b[31m* Running clean-up for phase: Install controllers\x1b[0m"
time="11 Oct 21 21:08 CEST" level=info msg="\x1b[31m* Running clean-up for phase: Install workers\x1b[0m"
time="11 Oct 21 21:08 CEST" level=info msg="###### New session ######"
time="11 Oct 21 21:08 CEST" level=error msg="apply failed - log file saved to /home/urdeath/.k0sctl/cache/k0sctl.log"
time="11 Oct 21 21:08 CEST" level=fatal msg="failed on 2 hosts:\n - [ssh] 172.16.16.105:22: [ssh] 172.16.16.101:22: node debian11-vm5 status not reported as ready\n - [ssh] 172.16.16.104:22: [ssh] 172.16.16.101:22: node debian11-vm4 status not reported as ready"

@kke kke reopened this Oct 12, 2021
@darktempla
Copy link

darktempla commented Oct 14, 2021
edited
Loading

@viktormohl - where are you running the k0s command from?

If its from your VM host (physical machine) then it not working seems reasonable, you have configured a private vagrant network and are referencing the "private" subnet from your local machine it will not be able to resolve. Vagrant allows ssh access to the machines by using port mapping & using non generic SSH ports. For example 2222 (host) -> 22 (guest) and when you run varant ssh <host> it is really using localhost:2222 for the SSH. Each machine has a unique SSH private key that can be found under the .vagrant/machines folder. You could reference them figure out the random ports and put them in your config and it should work.

However I would just go with a public network its an easier configuration as basically the VMs and your host are on the same network. Here is my gist with this configuration:
https://gist.github.com/darktempla/439d04a5da67748e99ca7c4fd9e87994

Your other option if it must be private which would likely be easier is if you SSH into one of the VM machines and run the k0s command inside the private network, I suspect that should work as expected.

Hopefully this information helps give you some ideas to try.

@kke kke mentioned this issue Feb 14, 2022
Closed
@kke kke closed this as completed Mar 24, 2022
@jsalgado78 jsalgado78 mentioned this issue Apr 7, 2022
Open
@ipeacocks
Copy link

OK, seems I have something similar.

I have next nodes:

192.168.1.31 k8s-m-ha

192.168.1.11 k8s-m1
192.168.1.12 k8s-m2
192.168.1.13 k8s-m3

192.168.1.21 k8s-s1
192.168.1.22 k8s-s2

Host OS and all these nodes are in the same network, pingable and all ports are opened.

And such config k0sctl.yaml:

apiVersion: k0sctl.k0sproject.io/v1beta1
kind: Cluster
metadata:
  name: k0s-cluster
spec:
  hosts:
  - ssh:
      address: 192.168.1.11
      user: ubuntu
      port: 22
      keyPath: null
    role: controller
  - ssh:
      address: 192.168.1.12
      user: ubuntu
      port: 22
      keyPath: null
    role: controller
  - ssh:
      address: 192.168.1.13
      user: ubuntu
      port: 22
      keyPath: null
    role: controller
  - ssh:
      address: 192.168.1.21
      user: ubuntu
      port: 22
      keyPath: null
    role: worker
  - ssh:
      address: 192.168.1.22
      user: ubuntu
      port: 22
      keyPath: null
    role: worker
  k0s:
    version: 1.27.1+k0s.0
    dynamicConfig: false
    config:
      spec:
        api:
          externalAddress: 192.168.1.31
          sans:
          - 192.168.1.31
        telemetry:
          enabled: false
        network:
          provider: calico
          kubeProxy:
            mode: ipvs

So nothing really special. But with api section k0s just don't wish to create new cluster:

$ k0sctl apply --config k0sctl.yaml

⠀⣿⣿⡇⠀⠀⢀⣴⣾⣿⠟⠁⢸⣿⣿⣿⣿⣿⣿⣿⡿⠛⠁⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀█████████ █████████ ███
⠀⣿⣿⡇⣠⣶⣿⡿⠋⠀⠀⠀⢸⣿⡇⠀⠀⠀⣠⠀⠀⢀⣠⡆⢸⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀███          ███    ███
⠀⣿⣿⣿⣿⣟⠋⠀⠀⠀⠀⠀⢸⣿⡇⠀⢰⣾⣿⠀⠀⣿⣿⡇⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀███          ███    ███
⠀⣿⣿⡏⠻⣿⣷⣤⡀⠀⠀⠀⠸⠛⠁⠀⠸⠋⠁⠀⠀⣿⣿⡇⠈⠉⠉⠉⠉⠉⠉⠉⠉⢹⣿⣿⠀███          ███    ███
⠀⣿⣿⡇⠀⠀⠙⢿⣿⣦⣀⠀⠀⠀⣠⣶⣶⣶⣶⣶⣶⣿⣿⡇⢰⣶⣶⣶⣶⣶⣶⣶⣶⣾⣿⣿⠀█████████    ███    ██████████
k0sctl v0.15.0 Copyright 2022, k0sctl authors.
Anonymized telemetry of usage will be sent to the authors.
By continuing to use k0sctl you agree to these terms:
https://k0sproject.io/licenses/eula
INFO ==> Running phase: Connect to hosts 
INFO [ssh] 192.168.1.22:22: connected             
INFO [ssh] 192.168.1.21:22: connected             
INFO [ssh] 192.168.1.13:22: connected             
INFO [ssh] 192.168.1.12:22: connected             
INFO [ssh] 192.168.1.11:22: connected             
INFO ==> Running phase: Detect host operating systems 
INFO [ssh] 192.168.1.11:22: is running Ubuntu 22.04.2 LTS 
INFO [ssh] 192.168.1.22:22: is running Ubuntu 22.04.2 LTS 
INFO [ssh] 192.168.1.12:22: is running Ubuntu 22.04.2 LTS 
INFO [ssh] 192.168.1.13:22: is running Ubuntu 22.04.2 LTS 
INFO [ssh] 192.168.1.21:22: is running Ubuntu 22.04.2 LTS 
INFO ==> Running phase: Acquire exclusive host lock 
INFO ==> Running phase: Prepare hosts    
INFO ==> Running phase: Gather host facts 
INFO [ssh] 192.168.1.22:22: using k8s-s2 as hostname 
INFO [ssh] 192.168.1.13:22: using k8s-m3 as hostname 
INFO [ssh] 192.168.1.12:22: using k8s-m2 as hostname 
INFO [ssh] 192.168.1.11:22: using k8s-m1 as hostname 
INFO [ssh] 192.168.1.21:22: using k8s-s1 as hostname 
INFO [ssh] 192.168.1.22:22: discovered enp0s3 as private interface 
INFO [ssh] 192.168.1.13:22: discovered enp0s3 as private interface 
INFO [ssh] 192.168.1.21:22: discovered enp0s3 as private interface 
INFO [ssh] 192.168.1.12:22: discovered enp0s3 as private interface 
INFO [ssh] 192.168.1.11:22: discovered enp0s3 as private interface 
INFO ==> Running phase: Validate hosts   
INFO ==> Running phase: Gather k0s facts 
INFO ==> Running phase: Validate facts   
INFO ==> Running phase: Configure k0s    
INFO [ssh] 192.168.1.12:22: validating configuration 
INFO [ssh] 192.168.1.11:22: validating configuration 
INFO [ssh] 192.168.1.13:22: validating configuration 
INFO [ssh] 192.168.1.12:22: configuration was changed 
INFO [ssh] 192.168.1.13:22: configuration was changed 
INFO [ssh] 192.168.1.11:22: configuration was changed 
INFO ==> Running phase: Initialize the k0s cluster 
INFO [ssh] 192.168.1.11:22: installing k0s controller 
INFO [ssh] 192.168.1.11:22: waiting for the k0s service to start 
INFO [ssh] 192.168.1.11:22: waiting for kubernetes api to respond 
INFO ==> Running phase: Install controllers 
INFO [ssh] 192.168.1.11:22: generating token      
INFO [ssh] 192.168.1.12:22: writing join token    
INFO [ssh] 192.168.1.12:22: installing k0s controller 
INFO [ssh] 192.168.1.12:22: starting service      
INFO [ssh] 192.168.1.12:22: waiting for the k0s service to start 
INFO * Running clean-up for phase: Initialize the k0s cluster 
INFO * Running clean-up for phase: Install controllers 

ERRO apply failed - log file saved to /home/ipeacocks/.cache/k0sctl/k0sctl.log 
FATA not running

But everything is just working well w/o api (haproxy ip) section:

$ cat k0sctl.yaml
apiVersion: k0sctl.k0sproject.io/v1beta1
kind: Cluster
metadata:
  name: k0s-cluster
spec:
  hosts:
  - ssh:
      address: 192.168.1.11
      user: ubuntu
      port: 22
      keyPath: null
    role: controller
  - ssh:
      address: 192.168.1.12
      user: ubuntu
      port: 22
      keyPath: null
    role: controller
  - ssh:
      address: 192.168.1.13
      user: ubuntu
      port: 22
      keyPath: null
    role: controller
  - ssh:
      address: 192.168.1.21
      user: ubuntu
      port: 22
      keyPath: null
    role: worker
  - ssh:
      address: 192.168.1.22
      user: ubuntu
      port: 22
      keyPath: null
    role: worker
  k0s:
    version: 1.27.1+k0s.0
    dynamicConfig: false
    config:
      spec:
        telemetry:
          enabled: false
        network:
          provider: calico
          kubeProxy:
            mode: ipvs

$ k0sctl apply --config k0sctl.yaml

⠀⣿⣿⡇⠀⠀⢀⣴⣾⣿⠟⠁⢸⣿⣿⣿⣿⣿⣿⣿⡿⠛⠁⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀█████████ █████████ ███
⠀⣿⣿⡇⣠⣶⣿⡿⠋⠀⠀⠀⢸⣿⡇⠀⠀⠀⣠⠀⠀⢀⣠⡆⢸⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀███          ███    ███
⠀⣿⣿⣿⣿⣟⠋⠀⠀⠀⠀⠀⢸⣿⡇⠀⢰⣾⣿⠀⠀⣿⣿⡇⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀███          ███    ███
⠀⣿⣿⡏⠻⣿⣷⣤⡀⠀⠀⠀⠸⠛⠁⠀⠸⠋⠁⠀⠀⣿⣿⡇⠈⠉⠉⠉⠉⠉⠉⠉⠉⢹⣿⣿⠀███          ███    ███
⠀⣿⣿⡇⠀⠀⠙⢿⣿⣦⣀⠀⠀⠀⣠⣶⣶⣶⣶⣶⣶⣿⣿⡇⢰⣶⣶⣶⣶⣶⣶⣶⣶⣾⣿⣿⠀█████████    ███    ██████████
k0sctl v0.15.0 Copyright 2022, k0sctl authors.
Anonymized telemetry of usage will be sent to the authors.
By continuing to use k0sctl you agree to these terms:
https://k0sproject.io/licenses/eula
INFO ==> Running phase: Connect to hosts 
INFO [ssh] 192.168.1.11:22: connected             
INFO [ssh] 192.168.1.22:22: connected             
INFO [ssh] 192.168.1.13:22: connected             
INFO [ssh] 192.168.1.12:22: connected             
INFO [ssh] 192.168.1.21:22: connected             
INFO ==> Running phase: Detect host operating systems 
INFO [ssh] 192.168.1.11:22: is running Ubuntu 22.04.2 LTS 
INFO [ssh] 192.168.1.13:22: is running Ubuntu 22.04.2 LTS 
INFO [ssh] 192.168.1.21:22: is running Ubuntu 22.04.2 LTS 
INFO [ssh] 192.168.1.22:22: is running Ubuntu 22.04.2 LTS 
INFO [ssh] 192.168.1.12:22: is running Ubuntu 22.04.2 LTS 
INFO ==> Running phase: Acquire exclusive host lock 
INFO ==> Running phase: Prepare hosts    
INFO ==> Running phase: Gather host facts 
INFO [ssh] 192.168.1.11:22: using k8s-m1 as hostname 
INFO [ssh] 192.168.1.22:22: using k8s-s2 as hostname 
INFO [ssh] 192.168.1.13:22: using k8s-m3 as hostname 
INFO [ssh] 192.168.1.12:22: using k8s-m2 as hostname 
INFO [ssh] 192.168.1.21:22: using k8s-s1 as hostname 
INFO [ssh] 192.168.1.11:22: discovered enp0s3 as private interface 
INFO [ssh] 192.168.1.22:22: discovered enp0s3 as private interface 
INFO [ssh] 192.168.1.13:22: discovered enp0s3 as private interface 
INFO [ssh] 192.168.1.12:22: discovered enp0s3 as private interface 
INFO [ssh] 192.168.1.21:22: discovered enp0s3 as private interface 
INFO ==> Running phase: Validate hosts   
INFO ==> Running phase: Gather k0s facts 
INFO ==> Running phase: Validate facts   
INFO ==> Running phase: Configure k0s    
INFO [ssh] 192.168.1.13:22: validating configuration 
INFO [ssh] 192.168.1.12:22: validating configuration 
INFO [ssh] 192.168.1.11:22: validating configuration 
INFO [ssh] 192.168.1.13:22: configuration was changed 
INFO [ssh] 192.168.1.12:22: configuration was changed 
INFO [ssh] 192.168.1.11:22: configuration was changed 
INFO ==> Running phase: Initialize the k0s cluster 
INFO [ssh] 192.168.1.11:22: installing k0s controller 
INFO [ssh] 192.168.1.11:22: waiting for the k0s service to start 
INFO [ssh] 192.168.1.11:22: waiting for kubernetes api to respond 
INFO ==> Running phase: Install controllers 
INFO [ssh] 192.168.1.11:22: generating token      
INFO [ssh] 192.168.1.12:22: writing join token    
INFO [ssh] 192.168.1.12:22: installing k0s controller 
INFO [ssh] 192.168.1.12:22: starting service      
INFO [ssh] 192.168.1.12:22: waiting for the k0s service to start 
INFO [ssh] 192.168.1.12:22: waiting for kubernetes api to respond 
INFO [ssh] 192.168.1.11:22: generating token      
INFO [ssh] 192.168.1.13:22: writing join token    
INFO [ssh] 192.168.1.13:22: installing k0s controller 
INFO [ssh] 192.168.1.13:22: starting service      
INFO [ssh] 192.168.1.13:22: waiting for the k0s service to start 
INFO [ssh] 192.168.1.13:22: waiting for kubernetes api to respond 
INFO ==> Running phase: Install workers  
INFO [ssh] 192.168.1.21:22: validating api connection to https://192.168.1.11:6443 
INFO [ssh] 192.168.1.22:22: validating api connection to https://192.168.1.11:6443 
INFO [ssh] 192.168.1.11:22: generating token      
INFO [ssh] 192.168.1.21:22: writing join token    
INFO [ssh] 192.168.1.22:22: writing join token    
INFO [ssh] 192.168.1.22:22: installing k0s worker 
INFO [ssh] 192.168.1.21:22: installing k0s worker 
INFO [ssh] 192.168.1.22:22: starting service      
INFO [ssh] 192.168.1.22:22: waiting for node to become ready 
INFO [ssh] 192.168.1.21:22: starting service      
INFO [ssh] 192.168.1.21:22: waiting for node to become ready 
INFO ==> Running phase: Release exclusive host lock 
INFO ==> Running phase: Disconnect from hosts 
INFO ==> Finished in 2m13s               
INFO k0s cluster version 1.27.1+k0s.0 is now installed 
INFO Tip: To access the cluster you can now fetch the admin kubeconfig using: 
INFO      k0sctl kubeconfig

But later section

        api:
          externalAddress: 192.168.1.31
          sans:
          - 192.168.1.31

can be added and it works just well:

$ k0sctl apply --config k0sctl.yaml

⠀⣿⣿⡇⠀⠀⢀⣴⣾⣿⠟⠁⢸⣿⣿⣿⣿⣿⣿⣿⡿⠛⠁⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀█████████ █████████ ███
⠀⣿⣿⡇⣠⣶⣿⡿⠋⠀⠀⠀⢸⣿⡇⠀⠀⠀⣠⠀⠀⢀⣠⡆⢸⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀███          ███    ███
⠀⣿⣿⣿⣿⣟⠋⠀⠀⠀⠀⠀⢸⣿⡇⠀⢰⣾⣿⠀⠀⣿⣿⡇⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀███          ███    ███
⠀⣿⣿⡏⠻⣿⣷⣤⡀⠀⠀⠀⠸⠛⠁⠀⠸⠋⠁⠀⠀⣿⣿⡇⠈⠉⠉⠉⠉⠉⠉⠉⠉⢹⣿⣿⠀███          ███    ███
⠀⣿⣿⡇⠀⠀⠙⢿⣿⣦⣀⠀⠀⠀⣠⣶⣶⣶⣶⣶⣶⣿⣿⡇⢰⣶⣶⣶⣶⣶⣶⣶⣶⣾⣿⣿⠀█████████    ███    ██████████
k0sctl v0.15.0 Copyright 2022, k0sctl authors.
Anonymized telemetry of usage will be sent to the authors.
By continuing to use k0sctl you agree to these terms:
https://k0sproject.io/licenses/eula
INFO ==> Running phase: Connect to hosts 
INFO [ssh] 192.168.1.13:22: connected             
INFO [ssh] 192.168.1.22:22: connected             
INFO [ssh] 192.168.1.12:22: connected             
INFO [ssh] 192.168.1.21:22: connected             
INFO [ssh] 192.168.1.11:22: connected             
INFO ==> Running phase: Detect host operating systems 
INFO [ssh] 192.168.1.21:22: is running Ubuntu 22.04.2 LTS 
INFO [ssh] 192.168.1.22:22: is running Ubuntu 22.04.2 LTS 
INFO [ssh] 192.168.1.13:22: is running Ubuntu 22.04.2 LTS 
INFO [ssh] 192.168.1.12:22: is running Ubuntu 22.04.2 LTS 
INFO [ssh] 192.168.1.11:22: is running Ubuntu 22.04.2 LTS 
INFO ==> Running phase: Acquire exclusive host lock 
INFO ==> Running phase: Prepare hosts    
INFO ==> Running phase: Gather host facts 
INFO [ssh] 192.168.1.13:22: using k8s-m3 as hostname 
INFO [ssh] 192.168.1.21:22: using k8s-s1 as hostname 
INFO [ssh] 192.168.1.12:22: using k8s-m2 as hostname 
INFO [ssh] 192.168.1.22:22: using k8s-s2 as hostname 
INFO [ssh] 192.168.1.11:22: using k8s-m1 as hostname 
INFO [ssh] 192.168.1.13:22: discovered enp0s3 as private interface 
INFO [ssh] 192.168.1.21:22: discovered enp0s3 as private interface 
INFO [ssh] 192.168.1.12:22: discovered enp0s3 as private interface 
INFO [ssh] 192.168.1.22:22: discovered enp0s3 as private interface 
INFO [ssh] 192.168.1.11:22: discovered enp0s3 as private interface 
INFO ==> Running phase: Validate hosts   
INFO ==> Running phase: Gather k0s facts 
INFO [ssh] 192.168.1.12:22: is running k0s controller version 1.27.1+k0s.0 
INFO [ssh] 192.168.1.13:22: is running k0s controller version 1.27.1+k0s.0 
INFO [ssh] 192.168.1.11:22: is running k0s controller version 1.27.1+k0s.0 
INFO [ssh] 192.168.1.22:22: is running k0s worker version 1.27.1+k0s.0 
INFO [ssh] 192.168.1.21:22: is running k0s worker version 1.27.1+k0s.0 
INFO [ssh] 192.168.1.11:22: checking if worker k8s-s1 has joined 
INFO [ssh] 192.168.1.11:22: checking if worker k8s-s2 has joined 
INFO ==> Running phase: Validate facts   
INFO ==> Running phase: Configure k0s    
INFO [ssh] 192.168.1.13:22: validating configuration 
INFO [ssh] 192.168.1.12:22: validating configuration 
INFO [ssh] 192.168.1.11:22: validating configuration 
INFO [ssh] 192.168.1.12:22: configuration was changed 
INFO [ssh] 192.168.1.12:22: restarting the k0s service 
INFO [ssh] 192.168.1.13:22: configuration was changed 
INFO [ssh] 192.168.1.13:22: restarting the k0s service 
INFO [ssh] 192.168.1.11:22: configuration was changed 
INFO [ssh] 192.168.1.11:22: restarting the k0s service 
INFO [ssh] 192.168.1.12:22: waiting for the k0s service to start 
INFO [ssh] 192.168.1.13:22: waiting for the k0s service to start 
INFO [ssh] 192.168.1.11:22: waiting for the k0s service to start 
INFO ==> Running phase: Release exclusive host lock 
INFO ==> Running phase: Disconnect from hosts 
INFO ==> Finished in 31s                 
INFO k0s cluster version 1.27.1+k0s.0 is now installed 
INFO Tip: To access the cluster you can now fetch the admin kubeconfig using: 
INFO      k0sctl kubeconfig

So that looks like a bug. I think cluster should be created with initial config just well.

My haproxy config is absolutely the same as in official documentation:

...
frontend kubeAPI
    bind :6443
    mode tcp
    default_backend kubeAPI_backend
frontend konnectivity
    bind :8132
    mode tcp
    default_backend konnectivity_backend
frontend controllerJoinAPI
    bind :9443
    mode tcp
    default_backend controllerJoinAPI_backend

backend kubeAPI_backend
    mode tcp
    server k8s-m1 192.168.1.11:6443 check check-ssl verify none
    server k8s-m2 192.168.1.12:6443 check check-ssl verify none
    server k8s-m3 192.168.1.13:6443 check check-ssl verify none
backend konnectivity_backend
    mode tcp
    server k8s-m1 192.168.1.11:6443 check check-ssl verify none
    server k8s-m2 192.168.1.12:6443 check check-ssl verify none
    server k8s-m3 192.168.1.13:6443 check check-ssl verify none
backend controllerJoinAPI_backend
    mode tcp
    server k8s-m1 192.168.1.11:6443 check check-ssl verify none
    server k8s-m2 192.168.1.12:6443 check check-ssl verify none
    server k8s-m3 192.168.1.13:6443 check check-ssl verify none

listen stats
   bind *:9000
   mode http
   stats enable
   stats uri /

@ipeacocks
Copy link

This haproxy config is working just well

frontend kubeAPI
    bind :6443
    option tcplog
    mode tcp
    default_backend back
frontend konnectivityAgent
    bind :8132
    option tcplog
    mode tcp
    default_backend back
frontend konnectivityServer
    bind :8133
    option tcplog
    mode tcp
    default_backend back
frontend controllerJoinAPI
    bind :9443
    option tcplog
    mode tcp
    default_backend back

backend back
    mode tcp
    balance roundrobin
    option tcp-check
    server k8s-m1 192.168.1.11
    server k8s-m2 192.168.1.12
    server k8s-m3 192.168.1.13

@twz123
Copy link
Member

twz123 commented Apr 30, 2023

Glad you've figured it out. Seems like the backend ports in your first example weren't quite right. The docs specify them correctly.

@ipeacocks
Copy link

True. Copy-paste is my main enemy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@kke @twz123 @jnummelin @darktempla @ipeacocks @justmeandopensource @viktormohl