Comments (7)
Hello,
I finally succeeded to install microk8s on the VM by running the following commands :
sudo snap set system proxy.http=http://proxy:port/
sudo snap set system proxy.https=http://proxy:port/
However I’m facing a new issue;
Pods keep restarting with the following error :
Error from server: Get https://ufrparesb012:10250/containerLogs/default/lbs-appli-7b6c65bfd7-fgqmr/lbs-appli?follow=true: Tunnel or SSL Forbidden
Could you help me on this issue ? Thanks a lot
from microk8s.
How do you create snap proxy server?
from microk8s.
Hello,
I did not create any snap proxy server. I 'm behind the customer one.
I just run the commands :
sudo snap set system proxy.http=http://proxy:port/
sudo snap set system proxy.https=http://proxy:port/
to be able to install microk8s offline with "sudo snap ack microk8s.assert && sudo snap install ./microk8s.snap --classic".
So the offline installation doesn't seem really offline.
For the other error reported in that ticket : "Pods keep restarting" , it appears that the partition /var is full leading to error such as "The node was low on resource: ephemeral-storage" and pods eviction.
I hope that the error "Tunnel or SSL Forbidden" is also a side-effect of this /var partition full.
The /var partition should be sized up today to overcome this issue.
Best regards
from microk8s.
Hello
The resizing of the /var partition allows to stabilize all pods.
I'm now facing a DNS issue.
Within a pod the DNS resolution fails to resolve any svc url.
I did setup /etc/environment and /var/snap/microk8s/current/args/containerd-env to specify HTTP_PROXY, HTTPS_PROXY and NO_PROXY but this seems not sufficient to get coredns working properly.
Have you any suggestion?
Thanks a lot!
BTW , I use microk8s 1.28.8
from microk8s.
Hello,
Would you please confirm that the file /etc/environment and /var/snap/microk8s/current/args/containerd-env must be set as below when microk8s is deployed behind a proxy.
The part .svc,.local is not in the official documentation but found googling.
Some other use also .svc,.svc.cluster.local in NO_PROXY
NO_PROXY=,,127.0.0.1,<nodes internal ip(s)>/24,,.svc,.local
Anyway coredns is failing to resolv any name whatever the containerd-env configuration.
Thanks for your help
from microk8s.
Sorry , bad copy/paste. The no_proxy setting is as below. Is that correct?
NO_PROXY=<cluster cidr>,<service cluster ip range>,127.0.0.1,<nodes internal ip(s)>/24,<cluster hostname>,.svc.cluster.local,.cluster.local
no_proxy: <cluster cidr>,<service cluster ip range>,127.0.0.1,<nodes internal ip(s)>/24,<cluster hostname>,.svc.cluster.local,.cluster.local
from microk8s.
Hello
We finally understood that microk8s coredns stop working after reloading the firewalld rules.
This action deleted 2 iptables rules generated for microk8s pods.
Before “firewall-cmd --reload”
# sudo iptables -L
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 10.1.0.0/16 anywhere /* generated for MicroK8s pods */
ACCEPT all -- anywhere 10.1.0.0/16 /* generated for MicroK8s pods */
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# sudo firewall-cmd --permanent --add-port=587/tcp
success
After “firewall-cmd --reload”
# sudo firewall-cmd --reload
success
# sudo iptables -L
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
from microk8s.
Related Issues (20)
- Traceback on `microk8s.enable dns`: `subprocess.CalledProcessError` HOT 1
- If NetworkManager is running connectivity-checks expect some suspicious looking logs
- add_token script creates small token sizes HOT 1
- Unable to install using brew on Mac M1. Download error HOT 4
- "Address not allowed" when trying to get stats summary of the node HOT 1
- Issue with pulling an image from the microk8s registry
- v1.29/stable not working on hetzner HOT 5
- Remote access to Microk8s Cluster running on a MacOS HOT 2
- how to update metaalb address range HOT 1
- The Microk8s Addon's GPU is not working. HOT 1
- traefik-dashboard pod not created after `microk8s enable traefik` HOT 1
- Expose port on host machine problem HOT 1
- launch failed: Cannot open image file for computing hash HOT 2
- [MinIO addon] console pod goes into ImagePullBackOff HOT 5
- Microk8s clustering, Connection Filed, Invalid Token (500) error only when joining cluster with --worker flag in 1.30/stable HOT 1
- Status --wait-ready never ends HOT 1
- Installation of 1.30/stable on debian-12-genericcloud-amd64.qcow2 fails HOT 12
- Question: why microk8s.ctr shows additional container images tagged by hash HOT 1
- Join microk8s nodes in multipass VMs from two different physical machines on the same local network
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from microk8s.