cluster-api-k3s

cloud controller port clash on k3s >=v1.23.x

Open mkmik opened this issue 2 years ago • 2 comments

When using k3s with version >= v1.23.x I get this error when spinning up the cloud controller (which blocks any other component due to the cloud controller readiness taint):

cloud-controller-manager
I1124 09:28:48.381554 1 serving.go:313] Generated self-signed cert in-memory
cloud-controller-manager
failed to create listener: failed to listen on 0.0.0.0:10258: listen tcp 0.0.0.0:10258: bind: address already in use

Turns out this is caused by a change in k3s https://github.com/k3s-io/k3s/issues/6554

I tested the workaround mentioned in that ticket by manually editing /etc/rancher/k3s/config.yaml

 cluster-init: true
 disable-cloud-controller: true
 kube-apiserver-arg:
 - anonymous-auth=true
 - tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384
 kube-controller-manager-arg:
 - cloud-provider=external
 kubelet-arg:
 - cloud-provider=external
+kube-cloud-controller-manager-arg:
+- secure-port=0
 node-name: 'ip-10-0-193-85.ec2.internal'
 tls-san:
 - k3-test-16-apiserver-1867539897.us-east-1.elb.amazonaws.com
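
Review bot: `secure-port=0` on the added `kube-cloud-controller-manager-arg` lines does not move that listener off 10258; a value of 0 turns HTTPS serving off for the component, so whatever it served there (health, metrics) is no longer reachable. If those endpoints are needed, a non-conflicting port value would be the alternative. The unchanged `anonymous-auth=true` under `kube-apiserver-arg` is outside this change but worth a separate look, since it leaves anonymous requests to the API server enabled.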

A quick look at the server config schema doesn't reveal any trick I can use to set that arg:

type K3sServerConfig struct {
	DisableCloudController    bool     `json:"disable-cloud-controller,omitempty"`
	KubeAPIServerArgs         []string `json:"kube-apiserver-arg,omitempty"`
	KubeControllerManagerArgs []string `json:"kube-controller-manager-arg,omitempty"`
	TLSSan                    []string `json:"tls-san,omitempty"`
	BindAddress               string   `json:"bind-address,omitempty"`
	HttpsListenPort           string   `json:"https-listen-port,omitempty"`
	AdvertiseAddress          string   `json:"advertise-address,omitempty"`
	AdvertisePort             string   `json:"advertise-port,omitempty"`
	ClusterCidr               string   `json:"cluster-cidr,omitempty"`
	ServiceCidr               string   `json:"service-cidr,omitempty"`
	ClusterDNS                string   `json:"cluster-dns,omitempty"`
	ClusterDomain             string   `json:"cluster-domain,omitempty"`
	DisableComponents         []string `json:"disable,omitempty"`
	ClusterInit               bool     `json:"cluster-init,omitempty"`
	K3sAgentConfig            `json:",inline"`
}

Should I add KubeCloudControllerManagerArgs?

mkmik, Dec 14 '22 02:12

sgtm

zawachte, Dec 14 '22 12:12

Another option is to disable servicelb with:

apiVersion: controlplane.cluster.x-k8s.io/v1beta1
kind: KThreesControlPlane
....
  kthreesConfigSpec:
    serverConfig:
      disableComponents:
      - servicelb

that also disables the embedded cloud-controller-manager, but

mkmik, Dec 19 '22 09:12
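
The two workarounds discussed in this thread, expressed as a config check that flags a server config expecting an external cloud controller with neither workaround applied. This is an added example, not code from cluster-api-k3s: `KubeCloudControllerManagerArgs` is the field proposed in the issue and is hypothetical here, as are the helpers `has` and `PortClashFinding`, and the sample config is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of the K3sServerConfig struct quoted in the issue.
// KubeCloudControllerManagerArgs is the field proposed there (hypothetical).
type K3sServerConfig struct {
	DisableCloudController         bool     `json:"disable-cloud-controller,omitempty"`
	KubeControllerManagerArgs      []string `json:"kube-controller-manager-arg,omitempty"`
	KubeCloudControllerManagerArgs []string `json:"kube-cloud-controller-manager-arg,omitempty"`
	DisableComponents              []string `json:"disable,omitempty"`
}

// has reports whether list contains want, tolerating spaces and a leading "--".
func has(list []string, want string) bool {
	for _, v := range list {
		if strings.TrimLeft(strings.TrimSpace(v), "-") == want {
			return true
		}
	}
	return false
}

// PortClashFinding returns a non-empty message when the config expects an
// external cloud controller but applies neither workaround from the thread.
func PortClashFinding(c K3sServerConfig) string {
	if !has(c.KubeControllerManagerArgs, "cloud-provider=external") {
		return "" // no external cloud controller expected
	}
	if has(c.KubeCloudControllerManagerArgs, "secure-port=0") || // workaround 1
		has(c.DisableComponents, "servicelb") { // workaround 2
		return ""
	}
	return "embedded cloud controller may still hold 0.0.0.0:10258"
}

func main() {
	cfg := K3sServerConfig{DisableCloudController: true, // constructed sample
		KubeControllerManagerArgs: []string{"cloud-provider=external"}}
	fmt.Println("before:", PortClashFinding(cfg))
	cfg.KubeCloudControllerManagerArgs = []string{"secure-port=0"}
	out, _ := json.Marshal(cfg)
	fmt.Printf("after: %q %s\n", PortClashFinding(cfg), out)
}
```

The serialized output shows the key name the proposed field would write into the k3s config, matching the `+` lines in the issue.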