Changing kubelet address has no effect on which ip is being listened on for kubelet #9710
Comments
I don't quite understand the issue here. Please describe in more detail, so that we can understand. If you're trying to change the kubelet serving address, Talos still expects to be able to talk to the kubelet over localhost.
Sure, the issue is that talos isn't able to send health checks to the system. Everything is working from a cluster POV, i.e. the pods are all running from the k8s perspective but not from the talos perspective. As seen here:
Output of
dashboard logs:
machine config for controlplane
And I know the static pods are running successfully because I have a custom static pod deployed (a simple nginx server). Just from Talos POV it's not. The dashboard is also showing N/A for controllermanager, scheduler, and apiserver. The problem I am having is why is Talos not showing the pod status?
Because Talos expects
Is there no way to change this in the machineconfig? As currently I believe kubelet only allows 0.0.0.0 for all routable interfaces or a single address.
I don't think so, I think it goes back to the same question you have previously about kube-apiserver. If you want to secure access to cluster components on network level, it's way better to limit access to Talos documentation has detailed recommended rules.
Understood, was just odd coming from RKE2 and it behaving that way. I'll make a note of that and maybe down the line if time permits I'll take a gander at the source and see if it can be changed at all. Appreciate the help
Bug Report
Changing kubelet IP address from the default 0.0.0.0 to anything else will cause kubelet to still be checked/served on 127.0.0.1. This could be confusion on my end, but I'm unsure why it's still being served on that IP addr. Even with the change to 127.0.0.1. I've also checked the CSR and it is approved and signed.
Description
I would expect that if I add address: 192.168.0.2 inside of extraConfig in kubelet it should change the kubelet IP.
The support logs show that the address has been changed to 192.168.0.2 (kubeletspecs.kubernetes.talos.dev.yaml). I guess it's just not reflected in the system, as READY checks for APISERVER, CONTROLLER-MANAGER, and SCHEDULER are saying N/A in the dashboard as well as via the command talosctl get staticpods. But it is showing ready and is working in the cluster via the command: kubectl get pods -A
Logs
"component": "controller-runtime", "controller": "k8s.KubeletStaticPodController", "error": "error refreshing pod status: error fetching pod status: Get \"https://127.0.0.1:10250/pods/?timeout=30s\": dial tcp 127.0.0.1:10250: connect: connection refused"
Below is the command for: talosctl containers --kubernetes
Below is the output of: kubectl get pods -A
Below is the output (empty) of: talosctl get staticpodstatus
Environment
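The mismatch discussed in this thread, as an added Go example that is not part of the issue or of Talos's own code: it extracts the dialed address from the error text in the Logs section and shows that a listener bound to a single address does not answer on 127.0.0.1. The function names are hypothetical, only IPv4 is handled, and 127.0.0.2 is a constructed stand-in for a single bindable address on Linux.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"time"
)

// dialRe extracts the host:port from a Go "dial tcp ... connection refused" error.
var dialRe = regexp.MustCompile(`dial tcp (\S+): connect: connection refused`)

// refusedTarget returns the address the failed status check dialed, or "" if none.
func refusedTarget(logLine string) string {
	if m := dialRe.FindStringSubmatch(logLine); m != nil {
		return m[1]
	}
	return ""
}

// answersOnLoopback: only an IPv4 wildcard or 127.0.0.1 bind accepts dials to 127.0.0.1.
func answersOnLoopback(bindAddr string) bool {
	ip := net.ParseIP(bindAddr)
	return ip != nil && (ip.Equal(net.IPv4zero) || ip.Equal(net.IPv4(127, 0, 0, 1)))
}

// probeLoopback binds an ephemeral-port listener on bindAddr and dials 127.0.0.1 on that port.
func probeLoopback(bindAddr string) (bool, error) {
	ln, err := net.Listen("tcp4", net.JoinHostPort(bindAddr, "0"))
	if err != nil {
		return false, err // bindAddr is not assigned to this host
	}
	defer ln.Close()
	port := ln.Addr().(*net.TCPAddr).Port
	c, err := net.DialTimeout("tcp4", fmt.Sprintf("127.0.0.1:%d", port), time.Second)
	if err != nil {
		return false, nil // refused, as in the log line
	}
	return true, c.Close()
}

func main() {
	line := `error fetching pod status: Get "https://127.0.0.1:10250/pods/?timeout=30s": dial tcp 127.0.0.1:10250: connect: connection refused`
	fmt.Println("status check dialed:", refusedTarget(line))
	// 192.168.0.2 is the address from the issue; it binds only on a host that owns it.
	for _, addr := range []string{"0.0.0.0", "192.168.0.2", "127.0.0.2"} {
		ok, err := probeLoopback(addr)
		fmt.Printf("bind %-12s predicted=%v probed=%v err=%v\n", addr, answersOnLoopback(addr), ok, err)
	}
}
```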