cloud controller port clash on k3s >=v1.23.x #20

Open
mkmik opened this issue Dec 14, 2022 · 2 comments

@mkmik
Contributor

mkmik commented Dec 14, 2022

When using k3s with version >= v1.23.x I get this error when spinning up the cloud controller (which blocks any other component due to the cloud controller readiness taint):

cloud-controller-manager
I1124 09:28:48.381554 1 serving.go:313] Generated self-signed cert in-memory
cloud-controller-manager
failed to create listener: failed to listen on 0.0.0.0:10258: listen tcp 0.0.0.0:10258: bind: address already in use

Turns out this is caused by a change in k3s: k3s-io/k3s#6554

I tested the workaround mentioned in that ticket by manually editing /etc/rancher/k3s/config.yaml:

 cluster-init: true
 disable-cloud-controller: true
 kube-apiserver-arg:
 - anonymous-auth=true
 - tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384
 kube-controller-manager-arg:
 - cloud-provider=external
 kubelet-arg:
 - cloud-provider=external
+kube-cloud-controller-manager-arg:
+- secure-port=0
 node-name: 'ip-10-0-193-85.ec2.internal'
 tls-san:
 - k3-test-16-apiserver-1867539897.us-east-1.elb.amazonaws.com
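
Review bot: On the added `kube-cloud-controller-manager-arg` entry, `secure-port=0` tells the embedded cloud controller manager not to serve HTTPS at all, so it frees 10258 by removing that listener rather than moving it; a comment next to the arg pointing at k3s-io/k3s#6554 would make clear it is a workaround and not a deliberate setting. Separately, the unchanged context line `anonymous-auth=true` under `kube-apiserver-arg` is worth confirming as intentional while this file is being hand-edited.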

A quick look at the server config schema doesn't reveal any trick I can use to set that arg:

type K3sServerConfig struct {
	DisableCloudController    bool     `json:"disable-cloud-controller,omitempty"`
	KubeAPIServerArgs         []string `json:"kube-apiserver-arg,omitempty"`
	KubeControllerManagerArgs []string `json:"kube-controller-manager-arg,omitempty"`
	TLSSan                    []string `json:"tls-san,omitempty"`
	BindAddress               string   `json:"bind-address,omitempty"`
	HttpsListenPort           string   `json:"https-listen-port,omitempty"`
	AdvertiseAddress          string   `json:"advertise-address,omitempty"`
	AdvertisePort             string   `json:"advertise-port,omitempty"`
	ClusterCidr               string   `json:"cluster-cidr,omitempty"`
	ServiceCidr               string   `json:"service-cidr,omitempty"`
	ClusterDNS                string   `json:"cluster-dns,omitempty"`
	ClusterDomain             string   `json:"cluster-domain,omitempty"`
	DisableComponents         []string `json:"disable,omitempty"`
	ClusterInit               bool     `json:"cluster-init,omitempty"`
	K3sAgentConfig            `json:",inline"`
}

Should I add KubeCloudControllerManagerArgs?
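
One way the proposed field could carry the workaround, as an added example that is not code from this project. `serverConfig`, `hasArg`, `applyPortWorkaround` and `render` are hypothetical names, and the `kube-cloud-controller-manager-arg` JSON key is an assumption that mirrors the key used in the hand-edited config.yaml above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// serverConfig is a cut-down stand-in for K3sServerConfig plus the proposed
// field. The field name and its JSON key are assumptions, not project code.
type serverConfig struct {
	DisableCloudController         bool     `json:"disable-cloud-controller,omitempty"`
	KubeControllerManagerArgs      []string `json:"kube-controller-manager-arg,omitempty"`
	KubeCloudControllerManagerArgs []string `json:"kube-cloud-controller-manager-arg,omitempty"`
}

// hasArg reports whether args already sets the flag, with or without leading dashes.
func hasArg(args []string, name string) bool {
	for _, a := range args {
		if strings.HasPrefix(strings.TrimLeft(a, "-"), name+"=") {
			return true
		}
	}
	return false
}

// applyPortWorkaround appends secure-port=0 when the cloud controller is disabled
// and no secure-port was chosen by the user. It reports whether cfg was changed.
func applyPortWorkaround(cfg *serverConfig) bool {
	if !cfg.DisableCloudController || hasArg(cfg.KubeCloudControllerManagerArgs, "secure-port") {
		return false
	}
	cfg.KubeCloudControllerManagerArgs = append(cfg.KubeCloudControllerManagerArgs, "secure-port=0")
	return true
}

// render serialises cfg using the struct tags; Marshal cannot fail for this type.
func render(cfg serverConfig) string {
	out, _ := json.Marshal(cfg)
	return string(out)
}

func main() {
	cfg := serverConfig{DisableCloudController: true, KubeControllerManagerArgs: []string{"cloud-provider=external"}}
	fmt.Println(applyPortWorkaround(&cfg), render(cfg))
}
```

An explicit user-supplied `secure-port` is left untouched, so the helper never overrides a deliberate choice.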

@zawachte
Collaborator

sgtm

@mkmik
Contributor Author

mkmik commented Dec 19, 2022

Another option is to disable servicelb with:

apiVersion: controlplane.cluster.x-k8s.io/v1beta1
kind: KThreesControlPlane
....
  kthreesConfigSpec:
    serverConfig:
      disableComponents:
      - servicelb

that also disables the embedded cloud-controller-manager, but
