k8s.io
k8s.io copied to clipboard
kubernetes
https://pkgs.k8s.io/ does not support ipv6
The following command generates curl: (22) The requested URL returned error: 403
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key
This issue is currently awaiting triage.
SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the triage/accepted label.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
I have found out that myth curl was trying to send an IPv6 request... Which means that https://pkgs.k8s.io does not support IPv6 yet ?
Mean while, I had to do this to solve my issue.
echo 'ipv4' >> ~/.curlrc
Page related issue https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
@Martin-Luther Thank you for raising the issue. But here I had tried but it is not triggering such error. Can you Please check Which Ubuntu and deb you are using if you are using older than Debian 12 and Ubuntu 22.04, then you manually need to make directory using sudo mkdir -p -m 755 /etc/apt/keyrings before executing this command. Here i think the error is due to the restriction to use the directory so above command will help you to make directory with access.
If you satisfied all these criteria and still you are facing an issue then check if your network might have a firewall or proxy that is blocking the request so disable it.
else check whether you entered the correct url.
@Martin-Luther Thank you for raising the issue. But here I had tried but it is not triggering such error. Can you Please check Which Ubuntu and deb you are using if you are using older than Debian 12 and Ubuntu 22.04, then you manually need to make directory using
sudo mkdir -p -m 755 /etc/apt/keyringsbefore executing this command. Here i think the error is due to the restriction to use the directory so above command will help you to make directory with access.If you satisfied all these criteria and still you are facing an issue then check if your network might have a firewall or proxy that is blocking the request so disable it.
else check whether you entered the correct url.
@niranjandarshann
The issue was solved by forcing curl, apt-get & wget to use ipv4 because my system is ipv6 by default.
I am using Debian 12
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 12 (bookworm)
Release: 12
Codename: bookworm
---
Linux fr-km0 6.1.0-17-amd64 kubernetes/website#1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30) x86_64 GNU/Linux
moving this to k8s.io for triage, seems like the ipv6 problem should be checked /transfer k8s.io
Hello, After more investigations, it seems like my provider gave me IPv6 addresses that were blocked by GCP. So I could only use IPv4. I have tried with another provider, and things worked just fine with IPv6. Let's say that someone in the same situation finds this ticket; is it possible to say to Kubeadmn, Kubelet & Kubectl to fallback to IPv4 when IPv6 fails ?
@Martin-Luther What cloud provider are you using? We have been observing blocked IP addresses from Hetzner; are you using Hetzner by any chance?
@xmudrii
@Martin-Luther What cloud provider are you using? We have been observing blocked IP addresses from Hetzner; are you using Hetzner by any chance?
As mentioned in my previous message :
After more investigations, it seems like my provider gave me IPv6 addresses that were blocked by GCP
I am @ Gandi, and seriously thinking about moving to Digital Ocean or Hostinger if they allow me o add additional volumes ...
pkgs.k8s.io is currently hosted with a combination of GCP + AWS (like most, but not all of our infra), we have to work with what is available to us and major cloud providers do block some IPs for various reasons (e.g. US sanctions, abuse, ...).
If someone wanted to help provide a mirror, we could consider it, otherwise I recommend self-hosting a personal mirror (or obtaining hosting without IP reputation issues, or escalating to your hosting provider), it simply isn't scalable for us to follow up on these as a project and we don't have a viable alternative on hand for hosting, these vendors are providing a lot of resources to the project.
It seems the title of this issue is inaccurate?
Tested on an AWS EC2 instance with IPv6 address and no public IPv4 address, works perfectly fine. Packages are installed without a problem, and I can see that the IPv6 address is used if curl pkgs.k8s.io.
Given that we have IPv6 support, I'm going to close this issue. /close
@xmudrii: Closing this issue.
In response to this:
Test on an AWS EC2 instance with IPv6 address and no public IPv4 address, works perfectly fine. Packages are installed without a problem, and I can see that the IPv6 address is used if curl
pkgs.k8s.io.Given that we have IPv6 support, I'm going to close this issue. /close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.