guide

guide copied to clipboard

Update README.md

[]

Some changes about grammar

freddy1020

Rook block device not working for ReadWriteMany

[{"_id":"63804d9c4b97542c9a30495c","body":"\r\n`*.rbd.csi.ceph.com` storage class provisioners only supports `Read\/Write Single Pod` while `*.cephfs.csi.ceph.com` supports `Read\/Write Multiple Pods` . \r\nhttps:\/\/kubernetes-csi.github.io\/docs\/drivers.html\r\n\r\nI'm not sure what your use case is, whether you need a raw block volume or a filesystem volume, but if you need `ReadWriteMany` filesystem volume you will have deploy cephfs on top of ceph RBD. \r\n","issue_id":1660244372406,"origin_id":835493732,"user_origin_id":10202691,"create_time":1620504419,"update_time":1620504419,"id":1669352860903,"updated_at":"2022-11-25T05:07:40.903000Z","created_at":"2022-11-25T05:07:40.903000Z"},{"_id":"63804d9c4b97542c9a30495d","body":"It is not the problem of Rook. You see that issue because PVC is Project\/Namespace specific. And PV is available cluster wide accessible.\r\nOne has to create respective PVC for namespace where it is needed and not in another Namespace. PVC cannot be cross referenced in another Namespace.","issue_id":1660244372406,"origin_id":1297405290,"user_origin_id":18686082,"create_time":1667236289,"update_time":1667236349,"id":1669352860906,"updated_at":"2022-11-25T05:07:40.906000Z","created_at":"2022-11-25T05:07:40.906000Z"},{"_id":"662b839f23eede2dcf084304","body":"> It is not the problem of Rook. You see that issue because PVC is Project\/Namespace specific. And PV is available cluster wide accessible. One has to create respective PVC for namespace where it is needed and not in another Namespace. PVC cannot be cross referenced in another Namespace.\r\n\r\nThat answer is just wrong and doesn't even make any sense at all. It has nothing todo with any namespaces and the OP already gave a hint on what's the issue.\r\n\r\nAs @ericgraf pointed out in his comment, ceph-csi doesn't support ReadWriteMany for rbd volumes (most likely because rbd doesn't support it, which would make absolute sense given that it's block storage). This is not a rook issue and it won't be fixed by ceph either so this issue can be closed.","issue_id":1660244372406,"origin_id":1802794531,"user_origin_id":25184957,"create_time":1699483270,"update_time":1699483270,"id":1714127775387,"updated_at":"2024-04-26T10:36:15.386000Z","created_at":"2024-04-26T10:36:15.386000Z"}]

Whe trying to create a `PersistentVolumeClaim` with `ReadWriteMany`, I get the following error when running `kubectl describe pvc `: ``` rook multi node access modes are only supported on rbd...

henrywhitaker3

Update README.md

[]

correct a typo error

YiSunny

Help me !!!!!

[]

I am Chinese with poor english. I want to run my wireguard server on cloud provider, Because I often change cloud service providers, so i want to deploy my cluster...

1995chen

Unable to resize persistent volume with rook

[{"_id":"63804d2b70db72139b10e230","body":"I decided to play around with this and completely uninstalled rook and then installed it again. But now it seems that the rook-ceph-mon pod is no longer getting started by the operator. Any idea?","issue_id":1660244372420,"origin_id":888530994,"user_origin_id":752642,"create_time":1627497298,"update_time":1627497298,"id":1669352747187,"updated_at":"2022-11-25T05:05:47.187000Z","created_at":"2022-11-25T05:05:47.187000Z"},{"_id":"63804d2b70db72139b10e231","body":"Hey there. \r\n\r\nCould it be that your storage device is already formatted and rook is unable to claim it?\r\n\r\nP.S. Even though you seem to have deleted your comment regarding `allowVolumeExpansion`, I added it to the manifest. Thanks for the hint.","issue_id":1660244372420,"origin_id":888536496,"user_origin_id":600097,"create_time":1627497840,"update_time":1627497840,"id":1669352747190,"updated_at":"2022-11-25T05:05:47.190000Z","created_at":"2022-11-25T05:05:47.190000Z"},{"_id":"63804d2b70db72139b10e232","body":"Thanks for the reply!\r\nThat's actually a good thought, I didn't think to recreate the storage device.\r\n\r\nThe reason I delete my comment about `allowVolumeExpansion` was that it wasn't working even after adding that. But what I found is that you also should add the following parameter to the storage class to allow it to expand.\r\n```\r\ncsi.storage.k8s.io\/controller-expand-secret-name: rook-csi-rbd-provisioner\r\ncsi.storage.k8s.io\/controller-expand-secret-namespace: rook\r\n```\r\n\r\nHowever I wasn't able to properly try it out since I haven't gotten rook to work again. I'll try your suggestion and get back","issue_id":1660244372420,"origin_id":888538197,"user_origin_id":752642,"create_time":1627498020,"update_time":1627498028,"id":1669352747193,"updated_at":"2022-11-25T05:05:47.192000Z","created_at":"2022-11-25T05:05:47.192000Z"},{"_id":"63804d2b70db72139b10e233","body":"oh, I see. this only works with the flex driver. I just pushed the changes to use the parameters you mentioned.","issue_id":1660244372420,"origin_id":888541812,"user_origin_id":600097,"create_time":1627498379,"update_time":1627498379,"id":1669352747195,"updated_at":"2022-11-25T05:05:47.195000Z","created_at":"2022-11-25T05:05:47.195000Z"},{"_id":"63804d2b70db72139b10e234","body":"Seems like rook still doesn't want to work after recreating the storage device. I guess it may have left some other stray files on the systems.\r\n","issue_id":1660244372420,"origin_id":888549652,"user_origin_id":752642,"create_time":1627499144,"update_time":1627499144,"id":1669352747198,"updated_at":"2022-11-25T05:05:47.197000Z","created_at":"2022-11-25T05:05:47.197000Z"},{"_id":"63804d2b70db72139b10e235","body":"Unfortunately, this is not easy to debug. Maybe this could help? https:\/\/github.com\/rook\/rook\/blob\/master\/Documentation\/ceph-common-issues.md#failing-mon-pod","issue_id":1660244372420,"origin_id":888551769,"user_origin_id":600097,"create_time":1627499355,"update_time":1627499469,"id":1669352747200,"updated_at":"2022-11-25T05:05:47.200000Z","created_at":"2022-11-25T05:05:47.200000Z"},{"_id":"63804d2b70db72139b10e236","body":"After researching and recreating my whole cluster to get rook working it appears that expanding a volume still doesn't work. Unfortunate\r\n\r\n```\r\nWarning ExternalExpanding 17s volume_expand Ignoring the PVC: didn't find a plugin capable of expanding the volume; waiting for an external controller to process this PVC.\r\n```","issue_id":1660244372420,"origin_id":889036205,"user_origin_id":752642,"create_time":1627557829,"update_time":1627558341,"id":1669352747203,"updated_at":"2022-11-25T05:05:47.202000Z","created_at":"2022-11-25T05:05:47.202000Z"}]

I was playing around with this and noticed that you can't dynamically resize a rook-block volume. Perhaps this is at least worth mentioning in the guide, or to find a...

faejr

Issues when installing and how I solved them

[{"_id":"638055f04b97542c9a30526e","body":"@PieterScheffers Thank you Pieter!\r\n\r\nI was having an issue with a node marked as `NotReady` after an upgrade. \r\n\r\nI reinstalled the headers and now everything is back to normal \ud83e\udd73","issue_id":1660244372424,"origin_id":595083420,"user_origin_id":215009,"create_time":1583395409,"update_time":1583395409,"id":1669354992579,"updated_at":"2022-11-25T05:43:12.578000Z","created_at":"2022-11-25T05:43:12.578000Z"},{"_id":"638055f04b97542c9a30526f","body":"@PieterScheffers did you use the provisioning repository or did you encounter these problems during a manual setup?","issue_id":1660244372424,"origin_id":848238117,"user_origin_id":600097,"create_time":1621974580,"update_time":1621974580,"id":1669354992582,"updated_at":"2022-11-25T05:43:12.582000Z","created_at":"2022-11-25T05:43:12.582000Z"},{"_id":"638055f04b97542c9a305270","body":"@pstadler I did a manual setup, so it could very well be that I did something wrong.","issue_id":1660244372424,"origin_id":848548512,"user_origin_id":5553195,"create_time":1622015282,"update_time":1622015282,"id":1669354992586,"updated_at":"2022-11-25T05:43:12.586000Z","created_at":"2022-11-25T05:43:12.586000Z"},{"_id":"638055f04b97542c9a305272","body":"I want to mention that `networking` option doesn't work for me under `InitConfiguration` I put this option under `ClusterConfiguration` and it worked\r\n```\r\napiVersion: kubeadm.k8s.io\/v1beta1\r\nkind: ClusterConfiguration\r\nnetworking:\r\n podSubnet: 10.32.0.0\/12\r\n```\r\n\r\nThank you, Pieter!","issue_id":1660244372424,"origin_id":850892991,"user_origin_id":63161910,"create_time":1622319500,"update_time":1622319500,"id":1669354992590,"updated_at":"2022-11-25T05:43:12.589000Z","created_at":"2022-11-25T05:43:12.589000Z"}]

First I must say thank you for this great guide! It gives a very good explanation how to install everything and how it fits together. When installing this I came...

PieterScheffers

[Question] Help with weave net setup

[{"_id":"63805d1270db72139b10f285","body":"So I got it working by running `ufw allow 10250` and `ufw allow 6783`, but I got a feeling that it's not the correct way of doing it. The connections should work through the weave interface and that should already be allowed with the command that's mentioned in the guide `ufw allow in on weave`. Do I need to add more ip routes than the 10.96.x.x range? I see a lot of mentions of 10.32.x.x.\r\n\r\nEven though I got the weave network to \"work\" and got to deploy the tls and the dashboard, the dashboard keeps redirect looping to the front page saying \r\n\r\n> the server could not find the requested resource\r\n> Redirecting to previous state in 3 seconds\r\n\r\nIn the logs for the dashboard it also mentions the 10.32 ip: \r\n\r\n> 2020\/05\/21 16:58:00 [2020-05-21T16:58:00Z] Incoming HTTP\/1.1 GET \/api\/v1\/login\/status request from 10.32.0.1:39446: {}\r\n> 2020\/05\/21 16:58:00 [2020-05-21T16:58:00Z] Outcoming response to 10.32.0.1:39446 with 200 status code\r\n> 2020\/05\/21 16:58:00 [2020-05-21T16:58:00Z] Incoming HTTP\/1.1 GET \/api\/v1\/overview?filterBy=&itemsPerPage=10&name=&page=1&sortBy=d,creationTimestamp request from 10.32.0.1:39446: {}\r\n> 2020\/05\/21 16:58:00 Getting config category\r\n> 2020\/05\/21 16:58:00 Getting discovery and load balancing category\r\n> 2020\/05\/21 16:58:00 Getting lists of all workloads\r\n> 2020\/05\/21 16:58:00 the server could not find the requested resource\r\n> 2020\/05\/21 16:58:00 [2020-05-21T16:58:00Z] Outcoming response to 10.32.0.1:39446 with 404 status code","issue_id":1660244372427,"origin_id":632228004,"user_origin_id":1867002,"create_time":1590080760,"update_time":1590080760,"id":1669356818829,"updated_at":"2022-11-25T06:13:38.829000Z","created_at":"2022-11-25T06:13:38.829000Z"},{"_id":"63805d1270db72139b10f286","body":"I remember running into issues with weave net when I tried Hobby Kube more than a year ago. \r\nI have this bookmarked from back then, maybe it's the same issue you are running into: \r\nhttps:\/\/github.com\/weaveworks\/weave\/issues\/2736\r\n","issue_id":1660244372427,"origin_id":632243146,"user_origin_id":6015902,"create_time":1590082494,"update_time":1590082494,"id":1669356818833,"updated_at":"2022-11-25T06:13:38.832000Z","created_at":"2022-11-25T06:13:38.832000Z"},{"_id":"63805d1270db72139b10f287","body":"Not sure what the problem is, but my first guess would be a missing kernel module or parameter. Where are you hosting this?","issue_id":1660244372427,"origin_id":633104876,"user_origin_id":600097,"create_time":1590256176,"update_time":1590256176,"id":1669356818836,"updated_at":"2022-11-25T06:13:38.835000Z","created_at":"2022-11-25T06:13:38.835000Z"},{"_id":"63805d1270db72139b10f288","body":"Actually, could some of the notes from https:\/\/github.com\/hobby-kube\/guide\/issues\/74 fix this?","issue_id":1660244372427,"origin_id":633109052,"user_origin_id":600097,"create_time":1590257537,"update_time":1590257537,"id":1669356818838,"updated_at":"2022-11-25T06:13:38.838000Z","created_at":"2022-11-25T06:13:38.838000Z"},{"_id":"63805d1270db72139b10f289","body":"@godwhoa Thanks for the input, but if network-overlaping was the issue, opening the ports that I did to make the weave-part work would probably not have solved the weave-part of the issue? I might be off on that.\r\n\r\n@pstadler I'm hosting it using 3 vpns from Hetzner. I didn't use their new private network. So I did the 4. step and that made it possible for me to remove the two ports that I needed to allow to make weave work! So, that part looks to be solved, thanks! However, the dashboard still seems to not work properly, but navigating directly to some of the sub-menu items (like \/#!\/node) works and stops the redirect-loop. Some of the sub-menu items triggers the redirection (404) again (like \/#!\/replicaset). This might even be an issue within the dashboard itself and not related to the setup, I find it hard to tell since I've never done anything with Kubernetes before following this guide.","issue_id":1660244372427,"origin_id":633142745,"user_origin_id":1867002,"create_time":1590269237,"update_time":1590269237,"id":1669356818840,"updated_at":"2022-11-25T06:13:38.840000Z","created_at":"2022-11-25T06:13:38.840000Z"},{"_id":"63805d1270db72139b10f28a","body":"Got the same problem with the dashboard. Need to update to a recent version at some point.","issue_id":1660244372427,"origin_id":633530099,"user_origin_id":600097,"create_time":1590406796,"update_time":1590406796,"id":1669356818843,"updated_at":"2022-11-25T06:13:38.843000Z","created_at":"2022-11-25T06:13:38.843000Z"},{"_id":"63805d1270db72139b10f28c","body":"Just chiming in, I followed this great guide as well and used Hetzner as well. Had same issue and step 4 from #74 fixed it.\r\n","issue_id":1660244372427,"origin_id":643555947,"user_origin_id":6304149,"create_time":1592015314,"update_time":1592015314,"id":1669356818847,"updated_at":"2022-11-25T06:13:38.847000Z","created_at":"2022-11-25T06:13:38.847000Z"}]

Hi, First of all, let me thank you for this amazing guide. I'm very new to kubernetes and having a guide like this to follow helps a lot when trying...

thomkle

Consider adding Tokenrequest

[{"_id":"63805129bc25e83db00a329f","body":"First of all, thanks for your effort creating this issue. I don't see this within the scope of the hobby-kube project at this point and adding this will certainly make things more complicated.\r\n\r\nHowever, if the changes make sense for a broader audience I'd consider adding this. Are you aware of any other project or reason for enabling this API?","issue_id":1660244372431,"origin_id":633107398,"user_origin_id":600097,"create_time":1590256974,"update_time":1590256974,"id":1669353769027,"updated_at":"2022-11-25T05:22:49.026000Z","created_at":"2022-11-25T05:22:49.026000Z"},{"_id":"63805129bc25e83db00a32a0","body":"_(Hi, sorry, I did miss the notification)_\r\n\r\nFirst notice that **my example with istio** is only here as an example. The goal is not for this project to support istio or whatever but to implement. (as english is not my mother language, i wasn't sure it was clear in the first post).\r\n\r\n# What is `TokenRequest`\r\n\r\n`TokenRequest` were introduced here: https:\/\/github.com\/kubernetes\/community\/pull\/1460\/files?short_path=31a0d46#diff-31a0d46d154a2c02fe8cb4fa8d349d26. \r\n\r\n# How much widespread is `TokenRequest`\r\n\r\n`TokenRequest` was then implemented in https:\/\/github.com\/kubernetes\/kubernetes\/issues\/58790 and available in alpha in 1.10 and in beta in 1.12. It is still beta in 1.12.\r\n\r\n**I think all the cloud providers support `TokenRequest`.**\r\n\r\n# Why `TokenRequest`\r\n\r\nAs a summary of the above documents, it helps:\r\n- **increasing security**: TokenRequest are time bound and audience bound\r\n- helping scalibility\r\n\r\n# Why `TokenRequest` in hobby-kube\r\n\r\nI'm aware that as itself **fine grained security** (security to protect against attack where the attackers as already access to something in the cluster) or **scalability** are not **strong goal of this project.** The name is \"hobby-kube\".\r\nI see more this enhancement as a **usability** helper so user don't have warning or worse not working if they depends on `TokenRequest`.\r\n\r\nI don't think it is yet a must have. Most third parties still allow unsecure JWT token and advice to use `TokenRequest`.\r\nHowever if `TokenRequest` is really simple as follow (untested yet), it may be worth (a small modification for a small improvment of usability and security)\r\n\r\n\r\n","issue_id":1660244372431,"origin_id":637621712,"user_origin_id":13785185,"create_time":1591111778,"update_time":1591111778,"id":1669353769030,"updated_at":"2022-11-25T05:22:49.030000Z","created_at":"2022-11-25T05:22:49.030000Z"}]

# Problem it solves _Probably "Wishlist priority"_ When Installing latest istio (1.6.0) at the time of writing, I did see the warning: ``` Detected that your cluster does not support...

tychota

Hetzner now supports private networking

[{"_id":"63805c1b4b97542c9a305852","body":"@jamesfarrugia \r\nactually, the networks feature just got out of beta today. I just logged in and got the confirmation popup immediately that networks is now globally available. \r\n\r\n\r\n","issue_id":1660244372435,"origin_id":520730861,"user_origin_id":7568546,"create_time":1565683062,"update_time":1565683062,"id":1669356571250,"updated_at":"2022-11-25T06:09:31.250000Z","created_at":"2022-11-25T06:09:31.250000Z"},{"_id":"63805c1b4b97542c9a305853","body":"Hey guys. Currently really busy, having a newborn at home. Will catch up as soon as possible. Of course, this is great news, but I\u2019d like to keep WireGuard in place to have a common secure networking option out of the box across different providers.","issue_id":1660244372435,"origin_id":520747382,"user_origin_id":600097,"create_time":1565686113,"update_time":1565686113,"id":1669356571255,"updated_at":"2022-11-25T06:09:31.254000Z","created_at":"2022-11-25T06:09:31.254000Z"},{"_id":"63805c1b4b97542c9a305854","body":"Thanks a lot for supporting this project on Patreon @jamesfarrugia \ud83d\ude0d","issue_id":1660244372435,"origin_id":520747899,"user_origin_id":600097,"create_time":1565686203,"update_time":1565686203,"id":1669356571257,"updated_at":"2022-11-25T06:09:31.257000Z","created_at":"2022-11-25T06:09:31.257000Z"},{"_id":"63805c1b4b97542c9a305855","body":"First of all, congrats! I only wanted to point it out since just like @codeagencybe I got the popup today. I feel like wireguard should remain there as well yes, the main change would be in making it work pretty much in the same way as DO or SW.\r\n\r\nIt's my pleasure to at least acknowledge that this is a genuinely helpful project, I wish I could do more!","issue_id":1660244372435,"origin_id":520755008,"user_origin_id":14979341,"create_time":1565687364,"update_time":1565687364,"id":1669356571260,"updated_at":"2022-11-25T06:09:31.259000Z","created_at":"2022-11-25T06:09:31.259000Z"},{"_id":"63805c1b4b97542c9a305856","body":"@pstadler Congratulations! Hopefully you still have good sleep nights ;) \r\nEnjoy the time because they grow so fast!","issue_id":1660244372435,"origin_id":520761788,"user_origin_id":7568546,"create_time":1565688541,"update_time":1565688541,"id":1669356571262,"updated_at":"2022-11-25T06:09:31.262000Z","created_at":"2022-11-25T06:09:31.262000Z"},{"_id":"63805c1b4b97542c9a305857","body":"Just a short note: I tried to get the private network feature to work - using the hcloud_server_network resource - but got stuck. Simply put, the \"non-etcd-nodes\" weren't able to connect to the etc master. ","issue_id":1660244372435,"origin_id":599467487,"user_origin_id":490015,"create_time":1584355561,"update_time":1584355561,"id":1669356571266,"updated_at":"2022-11-25T06:09:31.266000Z","created_at":"2022-11-25T06:09:31.266000Z"}]

Maybe the guide can now streamline its network setup stage and use internal IPs and make it "abstract" in terms of networks? (i.e. the part about having to use public...

jamesfarrugia

Can we add a node without destroying the whole setup?

[{"_id":"63804ec3bc25e83db00a2f68","body":"Maybe an overshoot, but you can have a look on Rancher (a GUI orchestration tool for k8s). You can add and remove Nodes easily by clicking in your browser as well as saving templates of your server configurations. Here are screenshots of the \"edit cluster\" option:\r\n\r\n<img width=\"963\" alt=\"Bildschirmfoto 2019-03-15 um 10 10 15\" src=\"https:\/\/user-images.githubusercontent.com\/1597621\/54420564-982f6a00-470a-11e9-842a-3255ffdcecf5.png\">\r\n<img width=\"965\" alt=\"Bildschirmfoto 2019-03-15 um 10 10 05\" src=\"https:\/\/user-images.githubusercontent.com\/1597621\/54420565-982f6a00-470a-11e9-9ce7-696420a71d52.png\">\r\n","issue_id":1660244372438,"origin_id":473211407,"user_origin_id":1597621,"create_time":1552641075,"update_time":1552641075,"id":1669353155093,"updated_at":"2022-11-25T05:12:35.093000Z","created_at":"2022-11-25T05:12:35.093000Z"},{"_id":"63804ec3bc25e83db00a2f69","body":"This should work without much hassle using hobby-kube\/provisioning. \r\n\r\nEven though I never tried this, you should be able to change the `node_count` variable and run `terraform apply`. Make sure you have a backup ready before trying this.","issue_id":1660244372438,"origin_id":473652577,"user_origin_id":600097,"create_time":1552818260,"update_time":1552818316,"id":1669353155096,"updated_at":"2022-11-25T05:12:35.096000Z","created_at":"2022-11-25T05:12:35.096000Z"},{"_id":"63804ec3bc25e83db00a2f6a","body":"I tested incrementing from 3 to 4 and I found it worked fine, one last thing I've not checked yet is it might require re-running some part of `hobby-kube\/manifests` `storage` to add some rook stuff to the new node","issue_id":1660244372438,"origin_id":542354278,"user_origin_id":17053762,"create_time":1571165538,"update_time":1571165538,"id":1669353155102,"updated_at":"2022-11-25T05:12:35.102000Z","created_at":"2022-11-25T05:12:35.102000Z"},{"_id":"63804ec3bc25e83db00a2f6b","body":"Well, not sure about Rook. It\u2019s best to try or ask the Rook devs, they\u2018re quite responsive.","issue_id":1660244372438,"origin_id":542357667,"user_origin_id":600097,"create_time":1571166046,"update_time":1571166046,"id":1669353155105,"updated_at":"2022-11-25T05:12:35.104000Z","created_at":"2022-11-25T05:12:35.104000Z"}]

Thanks for this guide! I'm wondering if we can scale up the nodes without rebuilding the whole stack from scratch?

melalj