k3s-io / cluster-api-k3s

Cluster API k3s
Apache License 2.0

cloud controller port clash on k3s >=v1.23.x #20

Open mkmik opened 1 year ago

mkmik commented 1 year ago

When using k3s with version >= v1.23.x I get this error when spinning up the cloud controller (which blocks any other component due to the cloud controller readiness taint):

cloud-controller-manager
I1124 09:28:48.381554 1 serving.go:313] Generated self-signed cert in-memory
cloud-controller-manager
failed to create listener: failed to listen on 0.0.0.0:10258: listen tcp 0.0.0.0:10258: bind: address already in use

Turns out this is caused by a change in k3s: https://github.com/k3s-io/k3s/issues/6554

I tested the workaround mentioned in that ticket by manually editing /etc/rancher/k3s/config.yaml:

 cluster-init: true
 disable-cloud-controller: true
 kube-apiserver-arg:
 - anonymous-auth=true
 - tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384
 kube-controller-manager-arg:
 - cloud-provider=external
 kubelet-arg:
 - cloud-provider=external
+kube-cloud-controller-manager-arg:
+- secure-port=0
 node-name: 'ip-10-0-193-85.ec2.internal'
 tls-san:
 - k3-test-16-apiserver-1867539897.us-east-1.elb.amazonaws.com
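
Review bot: secure-port=0 on the added kube-cloud-controller-manager-arg lines switches the embedded cloud-controller-manager's HTTPS listener off entirely rather than moving it away from 10258, so nothing on that component's secure port (health checks, metrics) is served any more. A comment in the config pointing at k3s-io/k3s#6554 would make it clear this is a workaround that can be dropped when it is no longer needed. Separately, the unchanged kube-apiserver-arg context lines carry anonymous-auth=true and two TLS_RSA_* cipher suites without forward secrecy, which deserve their own look before this file is reused as a template.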

A quick look at the server config schema doesn't reveal any trick I can use to set that arg:

type K3sServerConfig struct {
    DisableCloudController    bool     `json:"disable-cloud-controller,omitempty"`
    KubeAPIServerArgs         []string `json:"kube-apiserver-arg,omitempty"`
    KubeControllerManagerArgs []string `json:"kube-controller-manager-arg,omitempty"`
    TLSSan                    []string `json:"tls-san,omitempty"`
    BindAddress               string   `json:"bind-address,omitempty"`
    HttpsListenPort           string   `json:"https-listen-port,omitempty"`
    AdvertiseAddress          string   `json:"advertise-address,omitempty"`
    AdvertisePort             string   `json:"advertise-port,omitempty"`
    ClusterCidr               string   `json:"cluster-cidr,omitempty"`
    ServiceCidr               string   `json:"service-cidr,omitempty"`
    ClusterDNS                string   `json:"cluster-dns,omitempty"`
    ClusterDomain             string   `json:"cluster-domain,omitempty"`
    DisableComponents         []string `json:"disable,omitempty"`
    ClusterInit               bool     `json:"cluster-init,omitempty"`
    K3sAgentConfig            `json:",inline"`
}

Should I add KubeCloudControllerManagerArgs?

zawachte commented 1 year ago

sgtm

mkmik commented 1 year ago

Another option is to disable servicelb with:

apiVersion: controlplane.cluster.x-k8s.io/v1beta1
kind: KThreesControlPlane
....
  kthreesConfigSpec:
    serverConfig:
      disableComponents:
      - servicelb

that also disables the embedded cloud-controller-manager, but
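
A sketch of how the field proposed in the first comment could serialize to the `kube-cloud-controller-manager-arg` key used in the manual workaround, combined with the servicelb alternative from the last comment. This is an added example, not code from cluster-api-k3s: `ServerConfig`, `ApplyPortClashWorkaround` and `Render` are hypothetical names, and the struct is a trimmed copy of the one quoted in the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ServerConfig is a trimmed, hypothetical copy of K3sServerConfig from the issue.
// KubeCloudControllerManagerArgs is the proposed field, not an existing one.
type ServerConfig struct {
	DisableCloudController         bool     `json:"disable-cloud-controller,omitempty"`
	KubeControllerManagerArgs      []string `json:"kube-controller-manager-arg,omitempty"`
	KubeCloudControllerManagerArgs []string `json:"kube-cloud-controller-manager-arg,omitempty"`
	DisableComponents              []string `json:"disable,omitempty"`
}

// ApplyPortClashWorkaround sets secure-port=0 for the embedded cloud controller,
// replacing any other secure-port value. With servicelb disabled it changes
// nothing, since the issue reports that the embedded controller is then off.
func ApplyPortClashWorkaround(cfg ServerConfig) ServerConfig {
	for _, c := range cfg.DisableComponents {
		if c == "servicelb" {
			return cfg
		}
	}
	args := []string{}
	for _, a := range cfg.KubeCloudControllerManagerArgs {
		if !strings.HasPrefix(strings.TrimLeft(a, "-"), "secure-port=") {
			args = append(args, a)
		}
	}
	cfg.KubeCloudControllerManagerArgs = append(args, "secure-port=0")
	return cfg
}

// Render marshals to JSON (a subset of YAML) to show the emitted keys.
func Render(cfg ServerConfig) string {
	b, err := json.Marshal(cfg)
	if err != nil {
		panic(err)
	}
	return string(b)
}

func main() {
	cfg := ServerConfig{DisableCloudController: true, KubeControllerManagerArgs: []string{"cloud-provider=external"}}
	fmt.Println(Render(ApplyPortClashWorkaround(cfg)))
}
```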