FAQ and Troubleshooting
FAQ - Frequently Asked Questions
“How do I login into the cluster?”
Possible symptoms when running a kubectl
command
error: You must be logged in to the server (Unauthorized)
or
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Yaook/k8s now uses short-lived kubeconfigs. Which means that, instead of commiting them encrypted into the cluster repository, they are not committed at all but instead re-generated from the Vault when they are needed.
You can login to the Yaook/k8s cluster with
$ ./managed-k8s/actions/k8s-login.sh
This will generate a kubeconfig that is valid for 8 days (by default). After that, you need to login again.
“How do I ssh into my cluster nodes?”
$ ssh -o UserKnownHostsFile=etc/ssh_known_hosts -i <path to private key> -l <username> <ip address>
<path to private key>
This should be the path to your private key matching the keypair specified by the environment variable
TF_VAR_keypair
.
<username>
This should be the default user of the image you are deploying.
By default this should be
debian
for the gateway nodes andubuntu
for the master and worker nodes.
<ip address>
The gateway, worker and master nodes are all connected in a private network and all have unique private IP addresses. Additionally all gateway nodes are given floating IP addresses.
When ssh-ing to one of the gateways you can either use its floating or its private IP address.
Master and worker nodes are only accessible using their private IP addresses and the traffic to these nodes is always (transparently) routed via the gateway nodes.
The use of a private IP address requires first setting up the wireguard tunnel.
If it is not already up, you can set it up by running the wg-up.sh script.
$ ./managed-k8s/actions/wg-up.sh
“How can I test my yk8s-Cluster?”
We recommend testing whether your cluster was successfully deployed by manually logging into the nodes and/or by running:
$ ./managed-k8s/actions/test.sh
“How can I delete my yk8s-Cluster?”
You can delete the yk8s-Cluster and all associated OpenStack resources by triggering the destroy.sh script.
Warning
Destroying a cluster cannot be undone.
Note
The configuration of the cluster is neither deleted nor reset.
$ # Destroy the yk8s cluster and delete all OpenStack resources
$ MANAGED_K8S_RELEASE_THE_KRAKEN=true MANAGED_K8S_DISRUPT_THE_HARBOUR=true MANAGED_K8S_NUKE_FROM_ORBIT=true ./managed-k8s/actions/destroy.sh
Troubleshooting
“The apply-all.sh
script cannot connect to the host nodes”
Error message: failed to detect a valid login!
First make sure you can manually connect to the host nodes.
You may need to explicitly specify which key Ansible shall use for connections, i.e. the private key file corresponding to the OpenStack key pair specified by the environment variable
TF_VAR_keypair
in~/.config/yaook-k8s/env
.You can do this by setting the variable
ansible_ssh_private_key_file
on the command line via the AFLAGS environment variable:$ AFLAGS='-e ansible_ssh_private_key_file=/path/to/private_key_file' ./managed-k8s/actions/apply.sh
Further information is available in the upstream documentation on Ansible connections.
“My private wireguard key cannot be found”
Error message:
cat: '~/.wireguard/wg.key': No such file or directory
Use an absolute path to specify the
wg_private_key_file
environment variable in~/.config/yaook-k8s/env
.
“I can’t ssh into my cluster nodes”
Follow the instructions on how to connect to the cluster via ssh.
Ensure that your ssh key is in a supported format.
The Get certificate information task
of the k8s-master
fails
Error message:
AttributeError: 'builtins.Certificate' object has no attribute '_backend'
Remove your local Ansible directory but make sure to not remove data you still need so make backup in case (e.g.
mv ~/.ansible ~/.ansible.bak
)see this issue
Ansible could not initialize the preferred locale: unsupported locale setting
Ansible requires UTF-8 encoding since v.2.14.0.
Try setting the following in your ~/.config/yaook-k8s/env
:
$ [[ -z ${LC_ALL} ]] && { export LC_ALL=C.UTF-8 ; }