rke2 failed to start with Cilium when kubeProxyReplacement is set to strict or true #4862
Comments
IIRC, without kube-proxy, the operator can't talk to the in-cluster apiserver endpoint to deploy the kube-proxy replacement. You need to customize the apiserver address in the cilium chart config to point at localhost. @manuelbuil should we cover this in our docs?
Thank you, I added k8sServiceHost and k8sServicePort:

```yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-cilium
  namespace: kube-system
spec:
  valuesContent: |-
    kubeProxyReplacement: true
    k8sServiceHost: 192.168.121.201
    k8sServicePort: 6443
    cni:
      chainingMode: "none"
```

And it works.

But could you explain to me why, if I start rke2 the first time with the following settings (k8sServiceHost: kubernetes.default.svc.cluster.local), it fails, but if I start rke2 the first time with the host IP (k8sServiceHost: 192.168.121.201), then edit it to k8sServiceHost: kubernetes.default.svc.cluster.local and restart, it works?

```yaml
k8sServiceHost: kubernetes.default.svc.cluster.local
k8sServicePort: 443
```
Kube-proxy is the component that makes cluster service endpoints work - you can't access kubernetes.default.svc.cluster.local without it. That is what I meant when I said
After you've started it once, access to that in-cluster endpoint works - until the next time you reboot.
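
A pre-flight check for the failure discussed in this thread, added here as an example and not part of the original comments or of RKE2 or Cilium: it flags a `valuesContent` that enables `kubeProxyReplacement` while `k8sServiceHost` points at an address that only Service routing can reach. The function names, the minimal key/value parser and the `10.43.0.0/16` service CIDR default are assumptions.

```python
import ipaddress
import re

# Constructed sample: the values from the thread that failed on a first start.
FAILING_VALUES = """\
kubeProxyReplacement: true
k8sServiceHost: kubernetes.default.svc.cluster.local
k8sServicePort: 443
cni:
  chainingMode: "none"
"""

def top_level_values(values_content):
    """Collect top-level `key: scalar` pairs (enough for this check, not a YAML parser)."""
    values = {}
    for line in values_content.splitlines():
        m = re.match(r"^([A-Za-z0-9_]+):\s*(\S.*?)\s*$", line)
        if m:
            values[m.group(1)] = m.group(2).strip("\"'")
    return values

def bootstrap_problems(values_content, service_cidr="10.43.0.0/16"):
    """List settings that leave Cilium unable to reach the apiserver without kube-proxy.

    service_cidr is assumed to be the RKE2 default; pass the cluster's own value.
    """
    v = top_level_values(values_content)
    if v.get("kubeProxyReplacement", "false").lower() not in ("true", "strict"):
        return []  # kube-proxy is still there to route Service addresses
    problems = []
    host = v.get("k8sServiceHost")
    if not host:
        problems.append("k8sServiceHost is not set")
    else:
        try:
            if ipaddress.ip_address(host) in ipaddress.ip_network(service_cidr):
                problems.append(f"k8sServiceHost {host} is a ClusterIP inside {service_cidr}")
        except ValueError:  # not an IP literal, so treat it as a DNS name
            if host == "kubernetes" or re.search(r"\.svc(\.|$)", host):
                problems.append(f"k8sServiceHost {host} is an in-cluster Service name")
    if "k8sServicePort" not in v:
        problems.append("k8sServicePort is not set")
    return problems

if __name__ == "__main__":
    for problem in bootstrap_problems(FAILING_VALUES):
        print("FAIL:", problem)
```

Running it against a manifest before the first `rke2-server` start catches the case from the thread, where the Service name only resolves once the replacement is already running.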
Thank you for your reply :)
Same question here.
This is more of a Cilium question but I think
It's already part of our docs with a link to Cilium upstream docs where things are explained in detail
Ah OK. Well in that case, I'm not sure we need to do anything. Can't help people if they don't read the docs.
I'm not sure I've seen it in the cilium docs, it's definitely helpful to know that the rke2 api server listens on 127.0.0.1 for each host.
This should ABSOLUTELY be in the cilium docs, because I ran into this issue on vanilla k3s (not RKE)
Environmental Info:
RKE2 Version:
Node(s) CPU architecture, OS, and Version:
Cluster Configuration:
1 server
Describe the bug:
Cilium failed with the config explained here => https://docs.rke2.io/install/network_options/
Steps To Reproduce:
/etc/rancher/rke2/config.yaml
/var/lib/rancher/rke2/server/manifests/rke2-cilium-config.yaml
Additional context / logs: