zimmertr / tjs-kubernetes-service Goto Github PK

Hello,
thank you for your Work.

i am geting stoped at TASK [Configuring the VM Hardware.] ***
with error "unable to parse directory volume name 'vm-3010-disk-03

My SSH screenshot:

Keffa

Man, I found this project looking for a way to run k8s on Proxmox easily. I thought "hell yea! this guy did the work for me."

But then I tried it and failed despite not being new to any of this. My pods were unable to communicate with each other. I tried everything I could think of: using canal instead of calico, using flannel instead of canal, using vxlan, using udp, using host-gw. Nothing was working. I could maybe ping between nodes, but certainly not pods.

Then, I found it! Debian 10 / Buster is using iptables >= 1.8, which operates in NFT mode by default.

I found two solutions. One is to install arptables and ebtables as part of the base packages, and then use something like this to force legacy mode:

      - name: Enabling iptables-legacy mode.
        become: yes
        shell: >
            update-alternatives --set {{ item.name }} /usr/sbin/{{ item.name }}-legacy
        with_items:
            - { name: "iptables" }
            - { name: "ip6tables" }
            - { name: "arptables" }
            - { name: "ebtables" }

The other requires Calico v3.8.1 which added support for this version of iptables. For this to work you must set FELIX_IPTABLESBACKEND=NFT. I'm not great at Ansible, so I came up with this:

      - name: Enable nftables backend for Calico.
        blockinfile:
            path: /tmp/calico.yml
            insertbefore: '^\s*securityContext\:'
            block: |4
                            - name: FELIX_IPTABLESBACKEND
                              value: "NFT"

That wouldn't work for like flannel though, I think. Either way, I tested both solutions and they both provide pod to pod communication. I deployed MetalLB on top and it could communicate with the apiserver (which it failed to do before, which is how I noticed all of this).

Rolling this with an ubuntu image (of any kind) causes it to hang after kernal panic. this looks to be related to what's in this:
https://kb.vmware.com/s/article/52683
Thread.

Basically, if you don't start the VM with a serial port, it will get stuck in kernal panic. Solving this can be done with qm set vmid --serial 0 or via doing it in the UI during the process before the reboot happens

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update terraform proxmox to v0.61.1
• chore(deps): update terraform talos to v0.5.0

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

deploy_qcow2_vms.yml (line 78):

qm resize {{ item.id }} scsi0 {{ item.size }}

This resizing works, but somehow ProxMox doesn't recognize or report the change and Ansible doesn't see it and fails the task. I find if I wait a few minutes, ProxMox (and the dashboard) catch up and show the proper resized value. I get past it by waiting or manually adding 1G to each scsi0 disk in the ProxMox dashboard, and then restarting the playbook after the resize task. All's well from there.

Talos 1.5.3, k8s 1.28.2

TLS Issue

Hi and thanks for sharing your setup :)

New to talos and k8s (been using k3s) and have an issue with internal certs not getting signed.

All the csr are 'denied' and I am unable to get the metrics server working amongst other things.

You refer in the link to that thread being the solution, but I am not so sure how that relates here?

Any pointers would be a great help to get the cluster core up and running :)

Thanks

Is this setup will work on a proxmox ceph cluster?

This is a fresh deployment as of last night. I am unable to deploy heapster and influxdb. Running the following versions-

Running pve-manager/6.0-4/2a719255 (running kernel: 5.0.15-1-pve)

https://cdimage.debian.org/cdimage/openstack/current/debian-10.1.2-20190925-openstack-amd64.qcow2

TASK [Deploying Heapster, InfluxDB, and configuring RBAC for the Dashboard stack.] ********************************************************** ok: [mymaster] => (item=sa_heapster.yml) ok: [mymaster] => (item=rb_heapster.yml) ok: [mymaster] => (item=svc_heapster.yml) ok: [mymaster] => (item=svc_influxdb.yml) failed: [mymaster] (item=dep_heapster.yml) => {"ansible_loop_var": "item", "changed": false, "item": "dep_heapster.yml", "msg": "Failed to find exact match for extensions/v1beta1.Deployment by [kind, name, singularName, shortNames]"} failed: [mymaster] (item=dep_influxdb.yml) => {"ansible_loop_var": "item", "changed": false, "item": "dep_influxdb.yml", "msg": "Failed to find exact match for extensions/v1beta1.Deployment by [kind, name, singularName, shortNames]"}

when using the delete_all_resources.yml, it does not remove the Kubernetes pool that have been created.

https://github.com/zimmertr/Bootstrap-Kubernetes-with-QEMU/blob/26972f6313defb69a03e1126dba6ded4e87bcd51/playbooks/main/bootstrap_kubernetes.yml#L52

Should be - name: Configuring RBAC for the Dashboard service account.