XOA receipe not creating VIP address (balancer)

igorf

@shinuza
Sorry, that environment don’t exist anymore.
BR, Igor

tuckertt

Hi,

Long time user (xcp-ng) first time commentor. I've attempted to use the recipe to deploy k8s, having thought about having a cluster for a while but never had the motivation to look into creating one so the functionality of the recipe sounded awesome. Unfortunately I've hit the same problem by the sounds of it. I can create a single control plane node with workers but when attempting to deploy a more resilient configuration it stops at one node and the screen output reports that cloud-init failed and the logs report it's an issue connecting to the vip by the looks of it. Hopefully it's ok to upload my log in place of igorf's but looking at it it talks about checking the various containers so I did for the vip container and get:

root@cp-1:/home/debian# crictl --runtime-endpoint unix:///var/run/containerd/containerd.sock logs 8f33bda832123
time="2024-07-16T09:16:08Z" level=info msg="Starting kube-vip.io [v0.8.1]"
time="2024-07-16T09:16:08Z" level=info msg="namespace [kube-system], Mode: [ARP], Features(s): Control Plane:[true], Services:[true]"
time="2024-07-16T09:16:08Z" level=info msg="prometheus HTTP server started"
time="2024-07-16T09:16:08Z" level=info msg="Using node name [cp-1]"
time="2024-07-16T09:16:08Z" level=info msg="Starting Kube-vip Manager with the ARP engine"
time="2024-07-16T09:16:08Z" level=info msg="beginning services leadership, namespace [kube-system], lock name [plndr-svcs-lock], id [cp-1]"
I0716 09:16:08.494929 1 leaderelection.go:250] attempting to acquire leader lease kube-system/plndr-svcs-lock...
time="2024-07-16T09:16:08Z" level=info msg="Beginning cluster membership, namespace [kube-system], lock name [plndr-cp-lock], id [cp-1]"
I0716 09:16:08.496428 1 leaderelection.go:250] attempting to acquire leader lease kube-system/plndr-cp-lock...
E0716 09:16:10.511560 1 leaderelection.go:332] error retrieving resource lock kube-system/plndr-svcs-lock: leases.coordination.k8s.io "plndr-svcs-lock" is forbidden: User "kubernetes-admin" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system"
E0716 09:16:10.511638 1 leaderelection.go:332] error retrieving resource lock kube-system/plndr-cp-lock: leases.coordination.k8s.io "plndr-cp-lock" is forbidden: User "kubernetes-admin" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system"
........( message loops )....

which, although I haven't really touched the stuff so can't be sure looks like it could possibly be to do with https://github.com/kube-vip/kube-vip/issues/684

cloud-init-output.log.txt

louhisuo created this issue in kube-vip/kube-vip

open kube-vip requires super-admin.conf with Kubernetes 1.29 #684

olivierlambert

That's more input for @shinuza , thanks !

shinuza

@tuckertt said in XOA receipe not creating VIP address (balancer):

Hi,

Long time user (xcp-ng) first time commentor. I've attempted to use the recipe to deploy k8s, having thought about having a cluster for a while but never had the motivation to look into creating one so the functionality of the recipe sounded awesome. Unfortunately I've hit the same problem by the sounds of it. I can create a single control plane node with workers but when attempting to deploy a more resilient configuration it stops at one node and the screen output reports that cloud-init failed and the logs report it's an issue connecting to the vip by the looks of it. Hopefully it's ok to upload my log in place of igorf's but looking at it it talks about checking the various containers so I did for the vip container and get:

root@cp-1:/home/debian# crictl --runtime-endpoint unix:///var/run/containerd/containerd.sock logs 8f33bda832123
time="2024-07-16T09:16:08Z" level=info msg="Starting kube-vip.io [v0.8.1]"
time="2024-07-16T09:16:08Z" level=info msg="namespace [kube-system], Mode: [ARP], Features(s): Control Plane:[true], Services:[true]"
time="2024-07-16T09:16:08Z" level=info msg="prometheus HTTP server started"
time="2024-07-16T09:16:08Z" level=info msg="Using node name [cp-1]"
time="2024-07-16T09:16:08Z" level=info msg="Starting Kube-vip Manager with the ARP engine"
time="2024-07-16T09:16:08Z" level=info msg="beginning services leadership, namespace [kube-system], lock name [plndr-svcs-lock], id [cp-1]"
I0716 09:16:08.494929 1 leaderelection.go:250] attempting to acquire leader lease kube-system/plndr-svcs-lock...
time="2024-07-16T09:16:08Z" level=info msg="Beginning cluster membership, namespace [kube-system], lock name [plndr-cp-lock], id [cp-1]"
I0716 09:16:08.496428 1 leaderelection.go:250] attempting to acquire leader lease kube-system/plndr-cp-lock...
E0716 09:16:10.511560 1 leaderelection.go:332] error retrieving resource lock kube-system/plndr-svcs-lock: leases.coordination.k8s.io "plndr-svcs-lock" is forbidden: User "kubernetes-admin" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system"
E0716 09:16:10.511638 1 leaderelection.go:332] error retrieving resource lock kube-system/plndr-cp-lock: leases.coordination.k8s.io "plndr-cp-lock" is forbidden: User "kubernetes-admin" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system"
........( message loops )....

which, although I haven't really touched the stuff so can't be sure looks like it could possibly be to do with https://github.com/kube-vip/kube-vip/issues/684

cloud-init-output.log.txt

Hi,

Thank you for the report.
Can you tell us the version of your xoa-server plug-in? This is fixed in 0.29.1, you probably have version 0.29.0 or lower.

With regards,

tuckertt

@shinuza said in XOA receipe not creating VIP address (balancer):

xoa-server plug-in

Thanks for that. Yup the plugin reports being at 0.29.0, although XOA reports being up to date too

olivierlambert

Are you on XOA stable or latest?

edit: it's possible you are on stable, consider switching to latest and try again

tuckertt

@olivierlambert stable, which would probably explain it

olivierlambert

Keep us posted on latest, to confirm it's correctly fixed

tuckertt

I can confirm that on latest, using XOA plugin v0.29.1 that all options of control planes 1 -> 7 deploys using DHCP and also tested a three control plane instance using static IP's. Pretty cool

kubectl get nodes
NAME STATUS ROLES AGE VERSION
cp-1 Ready control-plane 12m v1.30.2
cp-2 Ready control-plane 9m15s v1.30.2
cp-3 Ready control-plane 6m11s v1.30.2
worker-1 Ready <none> 3m30s v1.30.2
worker-2 Ready <none> 3m16s v1.30.2
worker-3 Ready <none> 3m23s v1.30.2

olivierlambert

Yay!