Closed jr200 closed 3 years ago
@jr200 following up with additional data based on discord conversation: This is due to rotating public keys. If a node reboots, it gets a new public key. It is good to rotate keys for security reasons, but also important to make sure connections work afterwards. I believe what you found was the connection did work after a little while (it takes about 1-2 minutes for the new public key to propagate to other nodes). Is this correct? If so I would not call this one a bug.
However, there is a separate issue with Ingress Gateways, because public key rotation will break the client configuration. For this we should have a separate issue for maintaining a static public key on ingress gateways (unless manually rotated).
@jr200 this has been fixed in the new release. I will close once 0.7 is official (slated for 8/11/21).
Fixed in 0.7
I've installed k3s on top of wireguard via flannel by following the netmaker tutorial on youtube. I experienced an issue running the pingtest after a reboot.
Steps to reproduce:
10.42.0.1/24
,10.42.1.1/24
,10.42.2.1/24
,10.42.3.1/24
)kubectl -n pingtest exec -it {pod-B} -- ping {IP-A,C,D}
=> works!!kubectl -n pingtest exec -it {pod-A,C,D} -- ping {IP-B}
=> works!!kubectl get nodes -o wide
=> shows B isReady
kubectl -n pingtest exec -it {pod-B} -- ping {IP-A,C,D}
=> doesnt work!!kubectl -n pingtest exec -it {pod-A,C,D} -- ping {IP-B}
=> doesnt work!!systemctl restart k3s-agent.service
on node Bkubectl -n pingtest exec -it {pod-B} -- ping {IP-A,C,D}
=> works!!kubectl -n pingtest exec -it {pod-A,C,D} -- ping {IP-B}
=> works!!I wonder if anyone else is experiencing this issue, or if its entirely a problem with my setup.
I'm using ubuntu server 21.04, k3s v1.21.1+k3s1.