Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Servers run with --disable-agent still attempt to run agent tunnel authorizer #7329

Closed
brandond opened this issue Apr 20, 2023 · 1 comment
Closed

Servers run with --disable-agent still attempt to run agent tunnel authorizer #7329

brandond opened this issue Apr 20, 2023 · 1 comment
Assignees
@brandond @VestigeJ
Milestone
v1.27.2+k3s1

Comments

@brandond
Copy link
Contributor

brandond commented Apr 20, 2023
edited
Loading

When servers are started with the --disable-agent and --debug flags, the following message is logged at 1 second intervals:

DEBU[0009] Tunnel authorizer failed to get Kubelet Port: nodes "k3s-server-1" not found
DEBU[0010] Tunnel authorizer failed to get Kubelet Port: nodes "k3s-server-1" not found
DEBU[0011] Tunnel authorizer failed to get Kubelet Port: nodes "k3s-server-1" not found
DEBU[0012] Tunnel authorizer failed to get Kubelet Port: nodes "k3s-server-1" not found
DEBU[0013] Tunnel authorizer failed to get Kubelet Port: nodes "k3s-server-1" not found

The agent tunnel authorizer code should not run when the agent has been disabled.
@brandond brandond changed the title Servers run with --disable-agentstill attempt to run agent tunnel authorizer Servers run with --disable-agent still attempt to run agent tunnel authorizer Apr 20, 2023
@brandond brandond self-assigned this Apr 20, 2023
@brandond brandond added this to the v1.26.5+k3s1 milestone Apr 20, 2023
@brandond brandond mentioned this issue Apr 20, 2023
Merged
@brandond brandond modified the milestones: v1.26.5+k3s1, v1.27.2+k3s1 May 9, 2023
This was referenced May 9, 2023
Closed
Closed
Closed
@mdrahman-suse mdrahman-suse assigned VestigeJ and unassigned endawkins May 15, 2023
@VestigeJ
Copy link

##Environment Details
VERSION=v1.27.1+k3s1
COMMIT=2b24c9917cdfec92439ac68dd6706fffe20195a5

Infrastructure

  • Cloud

Node(s) CPU architecture, OS, and version:

Linux 5.14.21-150400.24.11-default x86_64 GNU/Linux 
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP4"

Cluster Configuration:

1 server 1 agent

Config.yaml:

write-kubeconfig-mode: 644
debug: true
token: meremortalsmustardsauce

Reproduced LogSpam here

$ curl https://get.k3s.io --output install-"k3s".sh
$ sudo chmod +x install-"k3s".sh
$ sudo groupadd --system etcd && sudo useradd -s /sbin/nologin --system -g etcd etcd
$ sudo modprobe ip_vs_rr
$ sudo modprobe ip_vs_wrr
$ sudo modprobe ip_vs_sh
$ sudo printf "on_oovm.panic_on_oom=0 \nvm.overcommit_memory=1 \nkernel.panic=10 \nkernel.panic_ps=1 \nkernel.panic_on_oops=1 \n" > ~/60-rke2-cis.conf or ~/90-kubelet.conf
$ sudo cp 60-rke2-cis.conf /etc/sysctl.d/ or 90-kubelet.conf
$ sudo systemctl restart systemd-sysctl
$ sudo INSTALL_K3S_VERSION=v1.27.1+k3s1 INSTALL_K3S_EXEC="server --disable-agent sh -s -" ./install-k3s.sh 
$ set_kubefig
$ kgn
$ kgp -A
$ sudo journalctl -u k3s | grep -i "tunnel authorizer"
$ get_report

Results:

$ sudo journalctl -u k3s | grep -i "tunnel authorizer"

May 16 23:00:13 ip-172-31-26-139 k3s[8313]: time="2023-05-16T23:00:13Z" level=info msg="Tunnel authorizer set Kubelet Port 10250"
May 16 23:04:06 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:06Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:07 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:07Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:08 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:08Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:09 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:09Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:10 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:10Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:11 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:11Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:12 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:12Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:13 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:13Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:14 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:14Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:15 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:15Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:16 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:16Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:17 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:17Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:18 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:18Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:19 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:19Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:20 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:20Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:21 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:21Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:22 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:22Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:23 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:23Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:24 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:24Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:25 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:25Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:26 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:26Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:27 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:27Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:28 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:28Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:29 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:29Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:30 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:30Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:31 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:31Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:32 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:32Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:33 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:33Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:34 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:34Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:35 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:35Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:36 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:36Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:37 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:37Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:38 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:38Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:39 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:39Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:40 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:40Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:41 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:41Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:42 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:42Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:43 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:43Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:44 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:44Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:45 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:45Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:46 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:46Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:47 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:47Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:48 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:48Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:49 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:49Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:50 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:50Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:51 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:51Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:52 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:52Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:53 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:53Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"
May 16 23:04:54 ip-172-31-26-139 k3s[11356]: time="2023-05-16T23:04:54Z" level=debug msg="Tunnel authorizer failed to get Kubelet Port: nodes \"ip-172-31-26-139\" not found"

New COMMIT does not continue to try to run the agent tunnel authorizer

Validation Steps

$ sudo INSTALL_K3S_COMMIT=2b24c9917cdfec92439ac68dd6706fffe20195a5 INSTALL_K3S_EXEC="server --disable-agent sh -s -" ./install-k3s.sh 
$ set_kubefig //export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
$ kgn //kubectl get nodes
$ kgp -A //kubectl get pods -A
$ sudo journalctl -u k3s | grep -i "tunnel authorizer"

Results:

$ kubectl get no,po -A

NAME                    STATUS   ROLES    AGE   VERSION
node/ip-172-31-30-133   Ready    <none>   81s   v1.27.1+k3s-2b24c991

NAMESPACE     NAME                                         READY   STATUS      RESTARTS   AGE
kube-system   pod/local-path-provisioner-957fdf8bc-9wrpl   1/1     Running     0          3m17s
kube-system   pod/coredns-77ccd57875-zhqv4                 1/1     Running     0          3m17s
kube-system   pod/svclb-traefik-88d1acee-jrjvm             2/2     Running     0          70s
kube-system   pod/helm-install-traefik-crd-97xjp           0/1     Completed   0          3m18s
kube-system   pod/helm-install-traefik-sbftv               0/1     Completed   1          3m18s
kube-system   pod/traefik-64f55bb67d-hqbmq                 1/1     Running     0          70s
kube-system   pod/metrics-server-54dc485875-2rzpg          1/1     Running     0          3m17s

$ sudo journalctl -u k3s | grep -i "tunnel authorizer"
N/A

Additional context / logs:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brandond brandond

@VestigeJ VestigeJ

Labels
None yet
Projects
K3s Development
Archived in project
Milestone
v1.27.2+k3s1
Development

No branches or pull requests
3 participants
@brandond @VestigeJ @endawkins