mdrahman-suse
commented
6 months ago So apparently it looks like selinux policies are not compatible with Kine, thanks @vitorsavian for identifying the root cause. Once I disabled selinux from the RHEL OS, I was able to create a cluster
$ sestatus
SELinux status: disabled
$ rke2 -v
rke2 version v1.30.0+rke2r1 (60e06c4dbccff996f717af8f4c532971f57264b4)
go version go1.22.2 X:boringcrypto
$ kga
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
node/server1 Ready control-plane,master 7m31s v1.3x.0+rke2r1 xxx.xx.x.15 x.xxx.x.190 Red Hat Enterprise Linux 8.7 (Ootpa) 4.18.0-425.3.1.el8.x86_64 containerd://1.7.11-k3s2
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system pod/kube-scheduler-server1 1/1 Running 0 7m29s xxx.xx.x.15 server1 <none> <none>
kube-system pod/kube-apiserver-server1 1/1 Running 0 7m27s xxx.xx.x.15 server1 <none> <none>
kube-system pod/kube-controller-manager-server1 1/1 Running 0 7m29s xxx.xx.x.15 server1 <none> <none>
kube-system pod/cloud-controller-manager-server1 1/1 Running 0 7m27s xxx.xx.x.15 server1 <none> <none>
kube-system pod/kube-proxy-server1 1/1 Running 0 7m22s xxx.xx.x.15 server1 <none> <none>
kube-system pod/helm-install-rke2-coredns-q5rrx 0/1 Completed 0 7m12s xxx.xx.x.15 server1 <none> <none>
kube-system pod/helm-install-rke2-canal-mglvd 0/1 Completed 0 7m12s xxx.xx.x.15 server1 <none> <none>
kube-system pod/rke2-canal-knvld 2/2 Running 0 6m54s xxx.xx.x.15 server1 <none> <none>
kube-system pod/helm-install-rke2-snapshot-controller-crd-msml2 0/1 Completed 0 7m12s xx.xx.x.2 server1 <none> <none>
kube-system pod/helm-install-rke2-metrics-server-84566 0/1 Completed 0 7m12s xx.xx.x.3 server1 <none> <none>
kube-system pod/rke2-coredns-rke2-coredns-autoscaler-5749cd7b8b-r58f9 1/1 Running 0 6m55s xx.xx.x.5 server1 <none> <none>
kube-system pod/helm-install-rke2-snapshot-controller-mfncj 0/1 Completed 0 7m12s xx.xx.x.7 server1 <none> <none>
kube-system pod/rke2-snapshot-controller-7dcf5d5b46-992x7 1/1 Running 0 5m58s xx.xx.x.10 server1 <none> <none>
kube-system pod/helm-install-rke2-snapshot-validation-webhook-ngpcq 0/1 Completed 0 7m12s xx.xx.x.8 server1 <none> <none>
kube-system pod/rke2-snapshot-validation-webhook-bf7bbd6fc-k52zs 1/1 Running 0 5m55s xx.xx.x.11 server1 <none> <none>
kube-system pod/rke2-metrics-server-868fc8795f-49h2q 1/1 Running 0 6m4s xx.xx.x.9 server1 <none> <none>
kube-system pod/rke2-coredns-rke2-coredns-64dcf4f58b-v9m7d 1/1 Running 0 6m55s xx.xx.x.4 server1 <none> <none>
kube-system pod/helm-install-rke2-ingress-nginx-f6fkx 0/1 Completed 0 7m12s xx.xx.x.6 server1 <none> <none>
kube-system pod/rke2-ingress-nginx-controller-pd6g6 1/1 Running 0 5m38s xx.xx.x.13 server1 <none> <none>I still think its an issue likely as the RHEL OSs have selinux enabled by default
brandond
Environmental Info: RKE2 Version:
Also with v1.29.4+rke2r1 Node(s) CPU architecture, OS, and Version:
Cluster Configuration:
Describe the bug:
rke2-server is failing to start service with error when a datastore-endpoint is added to its configuration on an RHEL based OS and default installation method via RPM
NOTE: The same server setup and config works fine with tar install
Steps To Reproduce:
Expected behavior:
Cluster comes up successfully
Actual behavior:
rke2-server fails to start with error in the logs
Additional context / logs: