!AhUnkatMeayVVxZprp:matrix.org

talos-support

1127 Members
Talos.dev product support
18 Servers


Sender Message Time
31 May 2023
@_slack_taloscommunity_U05A8PC91H8:matrix.org Simon Smith it's detecting the servicenetwork range correctly, just not the podnetwork range 11:02:47
@_slack_taloscommunity_U02HASQJC2V:matrix.org Michael Francis I use the one built into the nvidia helm chart - but if I had to guess it’s because you need to set the correct runtime for this library to load the library 14:38:47
@_slack_taloscommunity_UG8G8UMMG:matrix.org Tim Jones You'd make the value of feature-gates the same as you would pass to the --feature-gates argument. i.e.
extraArgs:
  feature-gates: AdmissionWebhookMatchConditions=true,CloudDualStackNodeIPs=true,...
14:47:59
@_slack_taloscommunity_U03S30VQVME:matrix.org Bas Super, thanks! 17:04:41
@_slack_taloscommunity_U01KV18KND9:matrix.org BJ Badyk Does anyone know if -o nolock is supported with nfs-subdir-external-provisioner? 18:07:18
@scm:cycore.io Seán C McCord Both are provided as configuration to the controller manager; there is no CRD which reflects these values (so far as I am aware). However, once allocated, each Node is marked with its assigned Pod Network. 19:08:17
@_slack_taloscommunity_U05A8PC91H8:matrix.org Simon Smith I've managed to find a workaround for the moment, just use calico for the policies (canal) and leave flannel as the network 19:09:12
@_slack_taloscommunity_U05A8PC91H8:matrix.org Simon Smith I can't get calico to autodetect the pod network that's set in talos, I didn't want to have to host my own yaml files, I wanted to automate it straight from the calico github repo but it's not possible it seems 19:17:39
@_slack_taloscommunity_UG8G8UMMG:matrix.org Tim Jones When we use calico, we generally download the manifest and update the IP Pool setting to match the cluster config, and add that manifest as an inlineManifest in the cluster config too. 19:18:15
@_slack_taloscommunity_U05A8PC91H8:matrix.org Simon Smith yeh I wanted to avoid that, although I have just realised, I could have just set the pod network to 172 like k3s does 🤦‍♂️ 19:19:10
@_slack_taloscommunity_U05A8PC91H8:matrix.org Simon Smith I only use 10. ranges in work and 192 at home 19:19:24
@_slack_taloscommunity_U05A8PC91H8:matrix.org Simon Smith I've never used a 172 range anywhere haha 19:19:31
1 Jun 2023
@_slack_taloscommunity_U058KUTS6F4:matrix.org Rajiv M Ranganath I created a fresh (vagrant + libvirt) Talos K8S. In the cluster, I tried the following
kubectl --kubeconfig ./kubeconfig label ns default pod-security.kubernetes.io/enforce=privileged

kubectl --kubeconfig ./kubeconfig debug node/talos-x7o-vb3 -it --image=nicolaka/netshoot
Within the netshoot container, when I tried to run
fdisk -l /host/dev/vda
fdisk: cannot open /host/dev/vda: Operation not permitted
I get the above error. Would anybody know why this might be happening?
04:14:37
@_slack_taloscommunity_U02TU3RNL0J:matrix.org Nebula Curious, why drbd extension here says it's disabled? 04:38:49
@_slack_taloscommunity_U03FQL9LGCD:matrix.org Venkatasubramanian Srinivasan Hi, Greetings All! Sorry if this is a newbie question. I am one, to talos, if not k8s. Here is my test cluster in talos.
NAME      STATUS  ROLES          AGE  VERSION  INTERNAL-IP  EXTERNAL-IP  OS-IMAGE        KERNEL-VERSION  CONTAINER-RUNTIME
k8sctl1   Ready   control-plane  42h  v1.27.1  10.77.1.115  none         Talos (v1.4.4)  6.1.28-talos    containerd://1.6.21
k8sctl2   Ready   control-plane  42h  v1.27.1  10.77.1.80   none         Talos (v1.4.4)  6.1.28-talos    containerd://1.6.21
k8sctl3   Ready   control-plane  42h  v1.27.1  10.77.1.84   none         Talos (v1.4.4)  6.1.28-talos    containerd://1.6.21
k8sctl4   Ready   control-plane  42h  v1.27.1  10.77.1.87   none         Talos (v1.4.4)  6.1.28-talos    containerd://1.6.21
k8sctl5   Ready   control-plane  42h  v1.27.1  10.77.1.89   none         Talos (v1.4.4)  6.1.28-talos    containerd://1.6.21
k8swork1  Ready   none           42h  v1.27.1  10.77.1.116  none         Talos (v1.4.4)  6.1.28-talos    containerd://1.6.21
k8swork2  Ready   none           42h  v1.27.1  10.77.1.81   none         Talos (v1.4.4)  6.1.28-talos    containerd://1.6.21
k8swork3  Ready   none           42h  v1.27.1  10.77.1.83   none         Talos (v1.4.4)  6.1.28-talos    containerd://1.6.21
k8swork4  Ready   none           42h  v1.27.1  10.77.1.88   none         Talos (v1.4.4)  6.1.28-talos    containerd://1.6.21
k8swork5  Ready   none           42h  v1.27.1  10.77.1.90   none         Talos (v1.4.4)  6.1.28-talos    containerd://1.6.21
k8swork6  Ready   none           42h  v1.27.1  10.77.1.91   none         Talos (v1.4.4)  6.1.28-talos    containerd://1.6.21
All that I am trying to get done is to have a VIP for my 5 control plane nodes 115,80,84,87,89. That would be 10.77.1.99. No amount of 'talosctl edit machineconfig' (with or without -n IP) would help, as I get to do the vi of the YAML, but it does not represent the true state of the node. Any change in the YAML, I get a syntax error while saving the edit. Been following Talos for a while now, in fact quite a while, and first time trying out in an office like environment. What could I be doing wrong?
PS:- A big fan of the concept and love the demos, be it Metal or Omni. And the boldness to deny even ssh.
06:58:21
@_slack_taloscommunity_UU38A8DB7:matrix.org jorik I think it’s relevant in order to help you that you show the snippet where you try to config it, and the exact syntax error 07:03:45
@_slack_taloscommunity_UU38A8DB7:matrix.org jorik it is, you can specify mount options in the storageclass iirc 07:04:25
@_slack_taloscommunity_U04PR92T6MD:matrix.org Romain Degez also: are all the nodes in a shared layer2 segment (required for vip to work) or in an ip-only cloud-provider environment? 08:11:29
@jeanluc.geering:matrix.org Jean-Luc Geering joined the room. 08:14:02
@jeanluc.geering:matrix.org Jean-Luc Geering hello there, I'm having some troubles upgrading my control-plane nodes (or setting up new control-plane nodes). After the upgrade (in this case to 1.4.5) they are getting stuck at task uncordonNode:
10.10.99.22: user: warning: [2023-06-01T08:05:25.769080166Z]: [talos] task uncordonNode (1/1): starting
10.10.99.22: user: warning: [2023-06-01T08:05:25.845540166Z]: [talos] retrying error: node not ready
10.10.99.22: user: warning: [2023-06-01T08:05:33.332576166Z]: [talos] controller failed {"component": "controller-runtime", "controller": "k8s.KubeletStaticPodController", "error": "error refreshing pod status: error fetching pod status: Get \"https://127.0.0.1:10250/pods/?timeout=30s\": remote error: tls: internal error"}
10.10.99.22: user: warning: [2023-06-01T08:05:49.241990166Z]: [talos] controller failed {"component": "controller-runtime", "controller": "k8s.KubeletStaticPodController", "error": "error refreshing pod status: error fetching pod status: Get \"https://127.0.0.1:10250/pods/?timeout=30s\": remote error: tls: internal error"}
10.10.99.22: user: warning: [2023-06-01T08:06:05.042627166Z]: [talos] controller failed {"component": "controller-runtime", "controller": "k8s.KubeletStaticPodController", "error": "error refreshing pod status: error fetching pod status: Get \"https://127.0.0.1:10250/pods/?timeout=30s\": remote error: tls: internal error"}
etc...
only happened on control-plane nodes, and sometimes it resolves itself after a while
I have also had luck with switching the role to worker until the node is ready and then setting it to control-plane.
I am also using rotate-server-certificates (for metrics-server)
machine:
  kubelet:
    extraArgs:
      rotate-server-certificates: 'true'
not sure it is related, just mentioning because the error seems to be related to certificates
any ideas?
08:23:38
@_slack_taloscommunity_UG8G8UMMG:matrix.org Tim Jones Only thing I can think of is that the docs say that:
The container will run in the host namespace
I'm not entirely sure what "host namespace" refers to, but it could be that it's not running in the default namespace. Try specifying --namespace default or in another terminal take a look at the pod spec while it's running to see the namespace and/or volume mounts are correct...
08:34:43
@_slack_taloscommunity_UG8G8UMMG:matrix.org Tim Jones You can check the blame and see it was disabled in this PR (https://github.com/siderolabs/extensions/pull/103) because it doesn't build with Linux kernel 6.1. If you want to test if it builds and submit a PR to enable it again, it would be welcome. 08:38:45
@_slack_taloscommunity_U04T23FNXRQ:matrix.org Wolodja Wentland Hi all, We are very interested in full server encryption, and I was curious if you have an insight into the timelines of support for that? It was mentioned that this feature would come in the next release (cf. https://taloscommunity.slack.com/archives/CG25RPZNE/p1683562907891019?thread_ts=1683528627.869709&cid=CG25RPZNE), which is great. Is this likely to land anytime soon? Thanks! 09:48:42
@_slack_taloscommunity_UH76TTSBV:matrix.org Steve Francis Sounds like just a yaml formatting error - make sure to use spaces for indenting, and post the snippet and error as suggested… 10:33:48
@_slack_taloscommunity_UH76TTSBV:matrix.org Steve Francis 1.5 will be released in August, alpha releases with this should be by end of June.. 10:41:11
@_slack_taloscommunity_U04T23FNXRQ:matrix.org Wolodja Wentland That's fantastic, thanks again. 10:45:33

Room Version: 6