| 31 May 2023 |
 Simon Smith | its detecting the servicenetwork range correctly, just not the podnetwork range | 11:02:47 |
 Michael Francis | I use the one built into the nvidia helm chart - but if I had to guess it’s because you need to set the correct runtime for this library to load the library | 14:38:47 |
 Tim Jones | You'd make the value of feature-gates the same as you would pass to the --feature-gates argument.
i.e.
extraArgs:
feature-gates: AdmissionWebhookMatchConditions=true,CloudDualStackNodeIPs=true,... | 14:47:59 |
 Bas | Super, thanks! | 17:04:41 |
|  hdhog | 17:49:12 |
| hdhog changed their profile picture. | 17:52:03 |
| hdhog changed their profile picture. | 18:04:46 |
 BJ Badyk | Does anyone know if -o nolock is supported with nfs-subdir-external-provisioner? | 18:07:18 |
 Seán C McCord | Both are provided as configuration to the controller manager; there is no CRD which reflects these values (so far as I am aware). However, once allocated, each Node is marked with its assigned Pod Network. | 19:08:17 |
| Simon Smith | ive managed to find a work around for the moment, just use calico for the policys (canal) and leave flannel as the network | 19:09:12 |
| Simon Smith | i cant get calico to autodetect the pod network thats set in talos, i didnt want to have to host my own yaml files, i wanted to automated it straight from the calico github repo but its not possible it seems | 19:17:39 |
| Tim Jones | When we use calico, we generally download the manifest and update the IP Pool setting to match the cluster config, and add that manifest as an inlineManifest in the cluster config too. | 19:18:15 |
| Simon Smith | yeh i wanted to avoid that, altho i have just reliased, i could of just set the pod network to 172 like k3s does 🤦♂️ | 19:19:10 |
| Simon Smith | i only use 10. ranges in work and 192 at home | 19:19:24 |
| Simon Smith | ive never used a 172 range anywhere haha | 19:19:31 |
| 1 Jun 2023 |
 Rajiv M Ranganath | I created a fresh (vagrant + libvirt) Talos K8S. In the cluster, I tried to the following
kubectl --kubeconfig ./kubeconfig label ns default pod-security.kubernetes.io/enforce=privileged
kubectl --kubeconfig ./kubeconfig debug node/talos-x7o-vb3 -it --image=nicolaka/netshoot
Within the netshoot container, when I tried to run
fdisk -l /host/dev/vda
fdisk: cannot open /host/dev/vda: Operation not permitted
I get the above error. Would anybody know why this might be happening? | 04:14:37 |
 Nebula | Curious, why drbd extension here says its disabled? | 04:38:49 |
|  Venkatasubramanian Srinivasan changed their profile picture. | 06:58:20 |
| Venkatasubramanian Srinivasan | HI , Greetings All! Sorry if this a newbie question. I am one, to talos, if not k8s. Here is my test cluster in talos.
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8sctl1 Ready control-plane 42h v1.27.1 10.77.1.115 none Talos (v1.4.4) 6.1.28-talos containerd://1.6.21
k8sctl2 Ready control-plane 42h v1.27.1 10.77.1.80 none Talos (v1.4.4) 6.1.28-talos containerd://1.6.21
k8sctl3 Ready control-plane 42h v1.27.1 10.77.1.84 none Talos (v1.4.4) 6.1.28-talos containerd://1.6.21
k8sctl4 Ready control-plane 42h v1.27.1 10.77.1.87 none Talos (v1.4.4) 6.1.28-talos containerd://1.6.21
k8sctl5 Ready control-plane 42h v1.27.1 10.77.1.89 none Talos (v1.4.4) 6.1.28-talos containerd://1.6.21
k8swork1 Ready none 42h v1.27.1 10.77.1.116 none Talos (v1.4.4) 6.1.28-talos containerd://1.6.21
k8swork2 Ready none 42h v1.27.1 10.77.1.81 none Talos (v1.4.4) 6.1.28-talos containerd://1.6.21
k8swork3 Ready none 42h v1.27.1 10.77.1.83 none Talos (v1.4.4) 6.1.28-talos containerd://1.6.21
k8swork4 Ready none 42h v1.27.1 10.77.1.88 none Talos (v1.4.4) 6.1.28-talos containerd://1.6.21
k8swork5 Ready none 42h v1.27.1 10.77.1.90 none Talos (v1.4.4) 6.1.28-talos containerd://1.6.21
k8swork6 Ready none 42h v1.27.1 10.77.1.91 none Talos (v1.4.4) 6.1.28-talos containerd://1.6.21
All that I am trying get done is to have a VIP for my 5 control plane nodes 115,80,84,87,89. That would be 10.77.1.99. No amount of 'talosctl edit machineconfig' (with or without -n IP) would help, as I get to do the vi of the YAML , but it does not represent the true state of the node. Any change in the YAML, I get a syntax error while saving the edit.
Been following Talos for a while now, in fact quite a while, and first time trying out in an office like environment. What could I be doing wrong?
PS:- A big fan of the concept and love the demos, be it Metal or Omni. And the boldness to deny even ssh. | 06:58:21 |
 jorik | I think it’s relevant in order to help you that you show the snippet where you try to config it, and the exact syntax error | 07:03:45 |
| jorik | it is, you can specify mount options in the storageclass iirc | 07:04:25 |
 Romain Degez | also: are all the nodes in a shared layer2 segment (required for vip to work) or in an ip-only cloud-provider environement ? | 08:11:29 |
|  Jean-Luc Geering joined the room. | 08:14:02 |
| Jean-Luc Geering | hello there,
I'm having some troubles upgrading my control-plane nodes (or setting up new control-plane nodes). After the upgrade (in this case to 1.4.5) they are getting stuck at task uncordonNode:
10.10.99.22: user: warning: [2023-06-01T08:05:25.769080166Z]: [talos] task uncordonNode (1/1): starting
10.10.99.22: user: warning: [2023-06-01T08:05:25.845540166Z]: [talos] retrying error: node not ready
10.10.99.22: user: warning: [2023-06-01T08:05:33.332576166Z]: [talos] controller failed {"component": "controller-runtime", "controller": "k8s.KubeletStaticPodController", "error": "error refreshing pod status: error fetching pod status: Get \x5c"https://127.0.0.1:10250/pods/?timeout=30s\x5c": remote error: tls: internal error"}
10.10.99.22: user: warning: [2023-06-01T08:05:49.241990166Z]: [talos] controller failed {"component": "controller-runtime", "controller": "k8s.KubeletStaticPodController", "error": "error refreshing pod status: error fetching pod status: Get \x5c"https://127.0.0.1:10250/pods/?timeout=30s\x5c": remote error: tls: internal error"}
10.10.99.22: user: warning: [2023-06-01T08:06:05.042627166Z]: [talos] controller failed {"component": "controller-runtime", "controller": "k8s.KubeletStaticPodController", "error": "error refreshing pod status: error fetching pod status: Get \x5c"https://127.0.0.1:10250/pods/?timeout=30s\x5c": remote error: tls: internal error"}
etc...
only happened on control-plane nodes, and sometimes it resolves itself after a while
I have also had luck with switching the role to worker until the node is ready and then setting it to control-plane.
I am also using rotate-server-certificates (for metrics-server)
machine:
kubelet:
extraArgs:
rotate-server-certificates: 'true'
not sure it is related, just mentioning because the error seems to be related to certificates
any ideas? | 08:23:38 |
| Tim Jones | Only thing I can think of is that the docs say that:
The container will run in the host namespace
I'm not entirely sure what "host namespace" refers to, but it could be that it's not running in the default namespace. Try specifying --namespace default or in another terminal take a look at the pod spec while it's running to see the namespace and/or volume mounts are correct... | 08:34:43 |
| Tim Jones | You can check the blame and see it was disabled in this PR (https://github.com/siderolabs/extensions/pull/103) because it doesn't build with Linux kernel 6.1.
If you want to test if it builds and submit a PR to enable it again, it would be welcome. | 08:38:45 |
 Wolodja Wentland | Hi all,
We are very interested in full server encryption, and I was curious if you have an insight into the timelines of support for that? It was mentioned that this feature would come in the next release (cf. https://taloscommunity.slack.com/archives/CG25RPZNE/p1683562907891019?thread_ts=1683528627.869709&cid=CG25RPZNE), which is great. Is this likely to land anytime soon?
Thanks! | 09:48:42 |
 Steve Francis | Sounds like just a yaml formatting error- make sure to use spaces for indenting, and post the snippet and error as suggested… | 10:33:48 |
| Steve Francis | 1.5 will be released in August, alpha releases with this should be by end of June.. | 10:41:11 |
| Wolodja Wentland | That's fantastic, thanks again. | 10:45:33 |
