kubectl get pods -A -o wide
WARN[0000] Unable to read /etc/rancher/k3s/k3s.yaml, please start server with --write-kubeconfig-mode to modify kube config permissions
error: error loading config file "/etc/rancher/k3s/k3s.yaml": open /etc/rancher/k3s/k3s.yaml: permission denied
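To overcome this issue, add the following line to roles/k3s/templates/config.yaml.j2:
write-kubeconfig-mode: "0644"
Mode 0644 makes /etc/rancher/k3s/k3s.yaml readable by every local user on the node, and that file holds the cluster's admin credentials.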
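The write-kubeconfig-mode setting above decides who on the node can read the cluster credentials. The following added example (not part of the role or of the original notes) reports what a k3s config file requests and what mode the kubeconfig has on disk. The function names are hypothetical, the sample files are constructed, and the 0600 fallback for a missing key is an assumption.

```shell
#!/bin/sh
# Added example, not part of the role: report who can read the k3s kubeconfig.

# Classify an octal mode by read access granted beyond the owner.
mode_exposure() {
    case $1 in
        ''|*[!0-7]*) echo "invalid"; return 0 ;;
    esac
    bits=$((0$1))                      # leading 0 makes the constant octal
    if [ $((bits & 004)) -ne 0 ]; then echo "world-readable"
    elif [ $((bits & 040)) -ne 0 ]; then echo "group-readable"
    else echo "owner-only"; fi
}

# Value of write-kubeconfig-mode in a k3s config file; 0600 if the key is
# absent (assumed default, consistent with the permission-denied error above).
configured_mode() {
    m=$(sed -n 's/^[[:space:]]*write-kubeconfig-mode:[[:space:]]*\([^#]*\).*/\1/p' "$1" |
        tail -n 1 | tr -d "\"' \t\r")
    echo "${m:-0600}"
}

# Mode actually set on a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print one line per source: what the config requests, what is on disk.
audit_kubeconfig() {
    cfg_mode=$(configured_mode "$1")
    echo "config: $cfg_mode $(mode_exposure "$cfg_mode")"
    if [ -e "$2" ]; then
        disk_mode=$(file_mode "$2")
        echo "disk: $disk_mode $(mode_exposure "$disk_mode")"
    fi
}

# Demo on constructed sample files (not a real cluster).
demo() {
    d=$(mktemp -d)
    printf 'write-kubeconfig-mode: "0644"\n' > "$d/config.yaml"
    : > "$d/k3s.yaml"; chmod 600 "$d/k3s.yaml"
    audit_kubeconfig "$d/config.yaml" "$d/k3s.yaml"
    rm -rf "$d"
}
demo
```

On a node, call audit_kubeconfig with the rendered k3s config file and /etc/rancher/k3s/k3s.yaml as arguments.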
Wait till the Tigera Operator has fully applied
k3s : Wait till the Tigera Operator has fully applied
fatal: [edge -> localhost]: FAILED! => {"changed": false, "msg": "Failed to gather information about TigeraStatus(s) even after waiting for 123 seconds"}
By default, the timeout for the Tigera Operator is 120 seconds. If you face this error, increase it to 5 minutes by adding wait_timeout: 300 just after wait: yes in the corresponding tasks in roles/k3s/tasks/config-calico.yml, as shown below:
- name: Wait till the Tigera Operator has fully applied
  delegate_to: "{{ groups['deployment'][0] }}"
  kubernetes.core.k8s_info:
    kind: TigeraStatus
    name: calico
    namespace: default
    wait: yes
    wait_condition:
      type: "Available"
      status: "True"
      reason: "AllObjectsAvailable"
    wait_timeout: 300
- name: Wait till the Calico Installation is created
  delegate_to: "{{ groups['deployment'][0] }}"
  kubernetes.core.k8s_info:
    kind: Installation
    name: default
    namespace: default
    wait: yes
    wait_condition:
      type: "Ready"
      status: "True"
      reason: "AllObjectsAvailable"
    wait_timeout: 300
In addition to that, this must be run in a completely clean state.
Change cluster ip CIDR
Apply Calico network policies
TASK [k3s : Apply Calico global network policies] **********************************************************************************************************************************************************
failed: [edge-mv -> localhost] (item=default-deny) => {"ansible_loop_var": "item", "changed": false, "item": "default-deny", "msg": "Failed to find exact match for projectcalico.org/v1.GlobalNetworkPolicy by [kind, name, singularName, shortNames]"}
failed: [edge-mv -> localhost] (item=allow-ping) => {"ansible_loop_var": "item", "changed": false, "item": "allow-ping", "msg": "Failed to find exact match for projectcalico.org/v1.GlobalNetworkPolicy by [kind, name, singularName, shortNames]"}
Configure Neutron
TASK [k3s : Create calico network] *************************************************************************************************************************************************************************
fatal: [edge-mv]: FAILED! => {"action": "os_network", "changed": false, "extra_data": {"data": null, "details": "Running without keystone AuthN requires that tenant_id is specified", "response": "{\"NeutronError\": {\"type\": \"HTTPBadRequest\", \"message\": \"Running without keystone AuthN requires that tenant_id is specified\", \"detail\": \"\"}}"}, "msg": "BadRequestException: 400: Client Error for url: http://10.0.87.254:9696/v2.0/networks, Running without keystone AuthN requires that tenant_id is specified"}
Solution: open the web portal and create the Calico network, subnet, and router from there. Alternatively, add the project line listed below to <task>.kolla_toolbox.module_args of the 'Create calico network', 'Create calico subnet', and 'Fetch existing NAT router' tasks in roles/k3s/tasks/config-neutron.yml.
Add wait_timeout: 300 to 'Wait till the Tigera Operator has fully applied' and 'Wait till the Calico Installation is created' tasks just after wait: yes in roles/k3s/tasks/config-calico.yml.
Change cluster ip CIDR at roles/k3s/defaults/main.yml.
Add apply: yes to the last task in roles/k3s/tasks/config-calico.yml.
Add the following line to 'Create calico network', 'Create calico subnet', and 'Fetch existing NAT router' tasks <task>.kolla_toolbox.module_args in roles/k3s/tasks/config-neutron.yml:
project: "{{ keystone_admin_project }}"
Add become: yes to the task Generate Calico/Neutron connection script in roles/k3s/tasks/config-neutron.yml.