[Release-1.27] - Kine TLS support for k3s #9848

Closed
vitorsavian opened this issue Apr 1, 2024 · 1 comment

@vitorsavian

Backport fix for Kine TLS support for k3s

@VestigeJ
VestigeJ commented Apr 3, 2024

## Environment Details
Reproduced using VERSION=v1.27.12+k3s1
Validated using COMMIT=9176d7f68aa2de7c2d83d921d6e09a7ee7b2d9f0

Infrastructure

  • Cloud

Node(s) CPU architecture, OS, and version:

Linux 5.14.21-150500.53-default x86_64 GNU/Linux
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP5"

Cluster Configuration:

NAME               STATUS   ROLES                  AGE   VERSION
ip-1-31-27-19      Ready    control-plane,master   85s   v1.27.12+k3s-9176d7f6

Config.yaml:

node-external-ip: 1.31.27.19
token: YOUR_TOKEN_HERE
write-kubeconfig-mode: 644
debug: true
protect-kernel-defaults: true
embedded-registry: true
kine-tls: true

Reproduction

$ curl https://get.k3s.io --output install-"k3s".sh
$ sudo chmod +x install-"k3s".sh
$ sudo groupadd --system etcd && sudo useradd -s /sbin/nologin --system -g etcd etcd
$ sudo modprobe ip_vs_rr
$ sudo modprobe ip_vs_wrr
$ sudo modprobe ip_vs_sh
$ sudo printf "vm.panic_on_oom=0 \nvm.overcommit_memory=1 \nkernel.panic=10 \nkernel.panic_ps=1 \nkernel.panic_on_oops=1 \n" > ~/90-kubelet.conf
$ sudo cp 90-kubelet.conf /etc/sysctl.d/
$ sudo systemctl restart systemd-sysctl
$ COMMIT=9176d7f68aa2de7c2d83d921d6e09a7ee7b2d9f0
$ sudo INSTALL_K3S_COMMIT=$COMMIT INSTALL_K3S_EXEC="server --kine-tls" ./install-k3s.sh
$ kgp -o wide -A
$ sudo etcdctl endpoint status --cacert=/var/lib/rancher/k3s/server/tls/etcd/server-ca.crt --endpoints=unixs:///var/lib/rancher/k3s/server/kine.sock -w table

Results:

//existing release does not support the feature change
$ sudo INSTALL_K3S_VERSION=$VERSION INSTALL_K3S_EXEC="server --kine-tls" ./install-k3s.sh

[INFO]  Using v1.27.12+k3s1 as release
[INFO]  Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.27.12+k3s1/sha256sum-amd64.txt
[INFO]  Skipping binary downloaded, installed k3s matches hash
[INFO]  Skipping installation of SELinux RPM
[INFO]  Skipping /usr/local/bin/kubectl symlink to k3s, already exists
[INFO]  Skipping /usr/local/bin/crictl symlink to k3s, already exists
[INFO]  Skipping /usr/local/bin/ctr symlink to k3s, already exists
[INFO]  Creating killall script /usr/local/bin/k3s-killall.sh
[INFO]  Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO]  env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO]  systemd: Creating service file /etc/systemd/system/k3s.service
[INFO]  systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO]  systemd: Starting k3s
Job for k3s.service failed because the control process exited with error code.
See "systemctl status k3s.service" and "journalctl -xeu k3s.service" for details.

//new release works with both server arg --kine-tls and config.yaml arg kine-tls: true

$ sudo etcdctl endpoint status --cacert=/var/lib/rancher/k3s/server/tls/etcd/server-ca.crt --endpoints=unixs:///var/lib/rancher/k3s/server/kine.sock -w table

+-----------------------------------------------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
|                   ENDPOINT                    | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+-----------------------------------------------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| unixs:///var/lib/rancher/k3s/server/kine.sock |  0 |         |  2.8 MB |      true |      false |         0 |          0 |                  0 |        |
+-----------------------------------------------+----+---------+---------+-----------+------------+-----------+------------+--------------------+--------+

@VestigeJ VestigeJ closed this as completed Apr 3, 2024