Closed erickaby closed 11 months ago
The fact that support command worked means there's no error in talking to Talos API. I guess when the services command was run, Talos was still re-generating new certs.
Usually the reason might be that Kubernetes Pod/Service CIDRs overlap with the machine IPs. Talos API won't issue a cert for an address which is within pod/service CIDR range.
Just in case Talos defaults are:
podSubnets:
- 10.244.0.0/16
# The service subnet CIDR.
serviceSubnets:
- 10.96.0.0/12
Your IP seems to be different though.
But it's a bug in Talos actually, your 10.0.0.128/8 address overlaps with pod/service CIDRs if taken as a subnet, but as a single address it actually isn't contained in that subnet.
As an interim fix, you can change pod/service subnets to be from e.g. 192.168. space, but we'll get this fixed.
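The distinction described in the comment above, as an added Go example that is not part of the original thread and is not Talos's own code: it compares a subnet-overlap test with a single-address containment test against the default pod/service CIDRs quoted above. The function names and the sample addresses other than 10.0.0.128/8 are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Talos default pod and service subnets, as quoted in the thread.
var clusterCIDRs = []netip.Prefix{
	netip.MustParsePrefix("10.244.0.0/16"),
	netip.MustParsePrefix("10.96.0.0/12"),
}

// overlapsAsSubnet (hypothetical name) widens 10.0.0.128/8 to 10.0.0.0/8 and tests overlap.
func overlapsAsSubnet(machine netip.Prefix) bool {
	for _, c := range clusterCIDRs {
		if machine.Masked().Overlaps(c) {
			return true
		}
	}
	return false
}

// containedAsAddress (hypothetical name) tests only the single host address.
func containedAsAddress(machine netip.Prefix) bool {
	for _, c := range clusterCIDRs {
		if c.Contains(machine.Addr()) {
			return true
		}
	}
	return false
}

// check runs both tests on an address written in CIDR notation.
func check(s string) (subnetOverlap, addrContained bool, err error) {
	m, err := netip.ParsePrefix(s)
	if err != nil {
		return false, false, err
	}
	return overlapsAsSubnet(m), containedAsAddress(m), nil
}

func main() {
	// Constructed sample addresses; the first is the one from the report.
	for _, s := range []string{"10.0.0.128/8", "10.100.0.5/8", "192.168.1.10/24"} {
		sub, addr, err := check(s)
		fmt.Printf("%-16s subnet-overlap=%-5v address-contained=%-5v err=%v\n", s, sub, addr, err)
	}
}
```

An address that reports subnet-overlap=true but address-contained=false is the case the comment calls a bug: the host address itself is outside both cluster ranges.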
Thanks for the feedback, that does make sense. I didn't think to try to change the CIDR ranges, I'll be testing your solution shortly.
Usually the reason might be that Kubernetes Pod/Service CIDRs overlap with the machine IPs. Talos API won't issue a cert for an address which is within pod/service CIDR range.
Just in case Talos defaults are:
podSubnets:
- 10.244.0.0/16
# The service subnet CIDR.
serviceSubnets:
- 10.96.0.0/12
Your IP seems to be different though.
That piece of information is very useful. Is that already in the doco and I have missed it? Would be nice to have under troubleshooting the control plane, since that was where I was expecting to read some help on the cert issue.
Bug Report
Talos v1.5.1 failing to bootstrap etcd on Proxmox VM due to networking issues.
Description
Hi, I am setting up Talos on my homelab and recently changed my local network from 192.168.0.1/16 to 10.0.0.1/8. I have been having issues getting Talos past the booting stage after the installation. I don't fully believe it is a Talos issue; however, since I can get past the Maintenance mode and reach the VM, I want to rule out Talos before reverting and resetting my local network. So, I have gone back to basics and have followed the Proxmox guide. My setup isn't unique, with a default Proxmox install on my local home network, which is as basic as you can think. I have tried both with and without DHCP; both allow me to interact with the VM before and during the booting state through talosctl. The only problem here is that I need to add the IP address of the VM into machine.certSANs; if I don't, I get the error below. I've scoured the support.zip file logs to find anything useful to keep debugging, but here I am. I have attached the support.zip below; also, I enabled debug: true.
Logs
Full project with the configuration files, secrets and support.zip inside (this is a throwaway project): project.zip
Environment
kubectl version --short