Comments (7)
Hello,
I finally succeeded to install microk8s on the VM by running the following commands :
sudo snap set system proxy.http=http://proxy:port/
sudo snap set system proxy.https=http://proxy:port/
However I’m facing a new issue;
Pods keep restarting with the following error :
Error from server: Get https://ufrparesb012:10250/containerLogs/default/lbs-appli-7b6c65bfd7-fgqmr/lbs-appli?follow=true: Tunnel or SSL Forbidden
Could you help me on this issue ? Thanks a lot
from microk8s.
How do you create snap proxy server?
from microk8s.
Hello,
I did not create any snap proxy server. I 'm behind the customer one.
I just run the commands :
sudo snap set system proxy.http=http://proxy:port/
sudo snap set system proxy.https=http://proxy:port/
to be able to install microk8s offline with "sudo snap ack microk8s.assert && sudo snap install ./microk8s.snap --classic".
So the offline installation doesn't seem really offline.
For the other error reported in that ticket : "Pods keep restarting" , it appears that the partition /var is full leading to error such as "The node was low on resource: ephemeral-storage" and pods eviction.
I hope that the error "Tunnel or SSL Forbidden" is also a side-effect of this /var partition full.
The /var partition should be sized up today to overcome this issue.
Best regards
from microk8s.
Hello
The resizing of the /var partition allows to stabilize all pods.
I'm now facing a DNS issue.
Within a pod the DNS resolution fails to resolve any svc url.
I did setup /etc/environment and /var/snap/microk8s/current/args/containerd-env to specify HTTP_PROXY, HTTPS_PROXY and NO_PROXY but this seems not sufficient to get coredns working properly.
Have you any suggestion?
Thanks a lot!
BTW , I use microk8s 1.28.8
from microk8s.
Hello,
Would you please confirm that the file /etc/environment and /var/snap/microk8s/current/args/containerd-env must be set as below when microk8s is deployed behind a proxy.
The part .svc,.local is not in the official documentation but found googling.
Some other use also .svc,.svc.cluster.local in NO_PROXY
NO_PROXY=,,127.0.0.1,<nodes internal ip(s)>/24,,.svc,.local
Anyway coredns is failing to resolv any name whatever the containerd-env configuration.
Thanks for your help
from microk8s.
Sorry , bad copy/paste. The no_proxy setting is as below. Is that correct?
NO_PROXY=<cluster cidr>,<service cluster ip range>,127.0.0.1,<nodes internal ip(s)>/24,<cluster hostname>,.svc.cluster.local,.cluster.local
no_proxy: <cluster cidr>,<service cluster ip range>,127.0.0.1,<nodes internal ip(s)>/24,<cluster hostname>,.svc.cluster.local,.cluster.local
from microk8s.
Hello
We finally understood that microk8s coredns stop working after reloading the firewalld rules.
This action deleted 2 iptables rules generated for microk8s pods.
Before “firewall-cmd --reload”
# sudo iptables -L
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 10.1.0.0/16 anywhere /* generated for MicroK8s pods */
ACCEPT all -- anywhere 10.1.0.0/16 /* generated for MicroK8s pods */
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# sudo firewall-cmd --permanent --add-port=587/tcp
success
After “firewall-cmd --reload”
# sudo firewall-cmd --reload
success
# sudo iptables -L
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
from microk8s.
Related Issues (20)
- MicroK8s 1.28.12 after node restart it doesn't join due to nf_conntrack HOT 2
- MicoK8s issues with Ubuntu 24.04 LTS HOT 1
- Unable to access the Prometheus metrics of kube-scheduler and kube-control-manager in microk8s cluster HOT 6
- max_container_log_line_size should be tunable
- Cryptographic API Misuse Vulnerability HOT 1
- Cannot join on IPv6 address
- Server with `--node-ip=w.x.y.z,foo:bar::baz` specified gets replaced with just the IPv4 address
- Unable to fetch etcd prometheus metrics with multi node microk8s cluster
- worker node doesn't come up after reboot, logs full of `command [/snap/microk8s/7040/microk8s-enable.wrapper ingress] failed with exit code 1: exit status 1` HOT 1
- Add label app.kubernetes.io/part-of when enabling addons HOT 1
- Issue with enabling GPU on Nvidia AGX Orin Dev kit(arm64)
- Microk8s snap fails to install on a machine that has a long hostname
- Can't get insecure registry working uses https instead HOT 2
- Cannot upgrade microk8s v1.27.16 to microk8s v1.28.12 HOT 2
- Prometheus metrics of dqlite HOT 1
- Second node is not reflected in microk8s status after successful join HOT 1
- NFS Volumes not working on microk8s with strict confinement
- pod cycle restart,Pod sandbox changed, it will be killed and re-created. HOT 1
- Setting kubelet log level prevents the service to start HOT 2
- microk8s Allocated Memory Limit Increase HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from microk8s.