I am not entirely sure whether this sub is also intended for asking questions, but after opening the question on stack overflow and only getting an AI answer, I thought it would be worth a shot to ask here. What follows is a rather long question, but most of it is just debugging information to avoid obvious questions.

I have created a small kubernetes cluster (6 nodes) using kubeadm and flannel as the CNI in an openstack project. This is my first time using more than a single node kubernetes cluster.

I set up the kubernetes cluster's master via

# tasks file for kubernetes_master
- name: Install required packages
  apt:
    name:
      - curl
      - gnupg2
      - software-properties-common
      - apt-transport-https
      - ca-certificates
    state: present
    update_cache: yes

- name: Install Docker
  apt:
    name: docker.io
    state: present
    update_cache: yes

- name: Remove Keyrings Directory (if it exists)
  ansible.builtin.shell: rm -rf /etc/apt/keyrings

- name: Remove Existing Kubernetes Directory (if it exists)
  ansible.builtin.shell: sudo rm -rf /etc/apt/sources.list.d/pkgs_k8s_io_core_stable_v1_30_deb.list

- name: Disable swap
  ansible.builtin.command:
    cmd: swapoff -a

#- name: Ensure swap is disabled on boot
#  ansible.builtin.command:
#    cmd: sudo sed -i -e '/\/swap.img\s\+none\s\+swap\s\+sw\s\+0\s\+0/s/^/#/' /etc/fstab

- name: Ensure all swap entries are disabled on boot
  ansible.builtin.command:
    cmd: sudo sed -i -e '/\s\+swap\s\+/s/^/#/' /etc/fstab

- name: Add kernel modules for Containerd
  ansible.builtin.copy:
    dest: /etc/modules-load.d/containerd.conf
    content: |
      overlay
      br_netfilter

- name: Load kernel modules for Containerd
  ansible.builtin.shell:
    cmd: modprobe overlay && modprobe br_netfilter
  become: true

- name: Add kernel parameters for Kubernetes
  ansible.builtin.copy:
    dest: /etc/sysctl.d/kubernetes.conf
    content: |
      net.bridge.bridge-nf-call-ip6tables = 1
      net.bridge.bridge-nf-call-iptables = 1
      net.ipv4.ip_forward = 1

- name: Load kernel parameter changes
  ansible.builtin.command:
    cmd: sudo sysctl --system

- name: Configuring Containerd (building the configuration file)
  ansible.builtin.command:
    cmd: sudo sh -c "containerd config default > /opt/containerd/config.toml"

- name: Configuring Containerd (Setting SystemdCgroup Variable to True)
  ansible.builtin.command:
    cmd: sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /opt/containerd/config.toml

- name: Reload systemd configuration
  ansible.builtin.command:
    cmd: systemctl daemon-reload

- name: Restart containerd service
  ansible.builtin.service:
    name: containerd
    state: restarted

- name: Allow 6443/tcp through firewall
  ansible.builtin.command:
    cmd: sudo ufw allow 6443/tcp

- name: Allow 2379:2380/tcp through firewall
  ansible.builtin.command:
    cmd: sudo ufw allow 2379:2380/tcp

- name: Allow 22/tcp through firewall
  ansible.builtin.command:
    cmd: sudo ufw allow 22/tcp

- name: Allow 8080/tcp through firewall
  ansible.builtin.command:
    cmd: sudo ufw allow 8080/tcp

- name: Allow 10250/tcp through firewall
  ansible.builtin.command:
    cmd: sudo ufw allow 10250/tcp

- name: Allow 10251/tcp through firewall
  ansible.builtin.command:
    cmd: sudo ufw allow 10251/tcp

- name: Allow 10252/tcp through firewall
  ansible.builtin.command:
    cmd: sudo ufw allow 10252/tcp

- name: Allow 10255/tcp through firewall
  ansible.builtin.command:
    cmd: sudo ufw allow 10255/tcp

- name: Allow 5473/tcp through firewall
  ansible.builtin.command:
    cmd: sudo ufw allow 5473/tcp

- name: Enable the firewall
  ansible.builtin.ufw:
    state: enabled

- name: Reload the firewall
  ansible.builtin.command:
    cmd: sudo ufw reload

- name: Prepare keyrings directory and update permissions
  file:
    path: /etc/apt/keyrings
    state: directory
    mode: '0755'

- name: Download Kubernetes GPG key securely
  ansible.builtin.shell: curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

- name: Add Kubernetes repository
  ansible.builtin.apt_repository:
    repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /"
    state: present

- name: Install kubeadm, kubelet, kubectl
  ansible.builtin.apt:
    name:
      - kubelet
      - kubeadm
      - kubectl
    state: present
    update_cache: yes

- name: Hold kubelet, kubeadm, kubectl packages
  ansible.builtin.command:
    cmd: sudo apt-mark hold kubelet kubeadm kubectl

- name: Replace /etc/default/kubelet contents
  ansible.builtin.copy:
    dest: /etc/default/kubelet
    content: 'KUBELET_EXTRA_ARGS="--cgroup-driver=cgroupfs"'

- name: Reload systemd configuration
  ansible.builtin.command:
    cmd: systemctl daemon-reload

- name: Restart kubelet service
  ansible.builtin.service:
    name: kubelet
    state: restarted

- name: Update System-Wide Profile for Kubernetes
  ansible.builtin.copy:
    dest: /etc/profile.d/kubernetes.sh
    content: |
      export KUBECONFIG=/etc/kubernetes/admin.conf
      export ANSIBLE_USER="sysadmin"

# only works if not executing on master
#- name: Reboot the system
#  ansible.builtin.reboot:
#    msg: "Reboot initiated by Ansible for Kubernetes setup"
#    reboot_timeout: 150

- name: Replace Docker daemon.json configuration
  ansible.builtin.copy:
    dest: /etc/docker/daemon.json
    content: |
      {
        "exec-opts": ["native.cgroupdriver=systemd"],
        "log-driver": "json-file",
        "log-opts": {
          "max-size": "100m"
        },
        "storage-driver": "overlay2"
      }

- name: Reload systemd configuration
  ansible.builtin.command:
    cmd: systemctl daemon-reload

- name: Restart Docker service
  ansible.builtin.service:
    name: docker
    state: restarted

- name: Update Kubeadm Environment Variable
  ansible.builtin.command:
    cmd: sudo sed -i -e '/^\[Service\]/a Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"' /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf

- name: Reload systemd configuration
  ansible.builtin.command:
    cmd: systemctl daemon-reload

- name: Restart kubelet service
  ansible.builtin.service:
    name: kubelet
    state: restarted

- name: Pull kubeadm container images
  ansible.builtin.command:
    cmd: sudo kubeadm config images pull

- name: Initialize Kubernetes control plane
  ansible.builtin.command:
    cmd: kubeadm init --pod-network-cidr=10.244.0.0/16
    creates: /tmp/kubeadm_output
  register: kubeadm_init_output
  become: true
  changed_when: false

- name: Set permissions for Kubernetes Admin
  file:
    path: /etc/kubernetes/admin.conf
    state: file
    mode: '0755'

- name: Store Kubernetes initialization output to file
  copy:
    content: "{{ kubeadm_init_output.stdout }}"
    dest: /tmp/kubeadm_output
  become: true
  delegate_to: localhost

- name: Generate the Join Command
  ansible.builtin.shell: cat /tmp/kubeadm_output | tail -n 2 | sed ':a;N;$!ba;s/\\\n\s*/ /g' > /tmp/join-command
  delegate_to: localhost

- name: Set permissions for the Join Executable
  file:
    path: /tmp/join-command
    state: file
    mode: '0755'
  delegate_to: localhost

manually reboot the node and installed flannel via kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml. Worker's are created in a similar way (without flannel). I omit their script for now but I can add it if it seems important.

I then had dns resolution issues with a helm chart which is why I tried to investigate network issues and noticed that instances are unable to ping each other.

I am unsure how to debug this issue further.

Debug Info

kubectl get nodes
NAME           STATUS   ROLES           AGE     VERSION
k8s-master-0   Ready    control-plane   4h38m   v1.30.14
k8s-worker-0   Ready    <none>          4h35m   v1.30.14
k8s-worker-1   Ready    <none>          4h35m   v1.30.14
k8s-worker-2   Ready    <none>          4h35m   v1.30.14
k8s-worker-3   Ready    <none>          4h35m   v1.30.14
k8s-worker-4   Ready    <none>          4h35m   v1.30.14
k8s-worker-5   Ready    <none>          4h34m   v1.30.14

kube-flannel-ds-275hx   1/1     Running   0          150m   192.168.33.149   k8s-worker-0   <none>           <none>
kube-flannel-ds-2rplc   1/1     Running   0          150m   192.168.33.38    k8s-worker-5   <none>           <none>
kube-flannel-ds-2w98x   1/1     Running   0          150m   192.168.33.113   k8s-worker-1   <none>           <none>
kube-flannel-ds-g4vb6   1/1     Running   0          150m   192.168.33.167   k8s-worker-4   <none>           <none>
kube-flannel-ds-mpwbz   1/1     Running   0          150m   192.168.33.163   k8s-worker-2   <none>           <none>
kube-flannel-ds-qmbgc   1/1     Running   0          150m   192.168.33.117   k8s-master-0   <none>           <none>
kube-flannel-ds-sgdgs   1/1     Running   0          150m   192.168.33.243   k8s-worker-3   <none>           <none>

ip addr show flannel.1
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN group default 
    link/ether a2:4a:11:1f:84:ef brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::a04a:11ff:fe1f:84ef/64 scope link 
       valid_lft forever preferred_lft forever

ip route
default via 192.168.33.1 dev ens3 proto dhcp src 192.168.33.117 metric 100 
10.244.0.0/24 dev cni0 proto kernel scope link src 10.244.0.1 
10.244.1.0/24 via 10.244.1.0 dev flannel.1 onlink 
10.244.2.0/24 via 10.244.2.0 dev flannel.1 onlink 
10.244.3.0/24 via 10.244.3.0 dev flannel.1 onlink 
10.244.4.0/24 via 10.244.4.0 dev flannel.1 onlink 
10.244.5.0/24 via 10.244.5.0 dev flannel.1 onlink 
10.244.6.0/24 via 10.244.6.0 dev flannel.1 onlink 
169.254.169.254 via 192.168.33.3 dev ens3 proto dhcp src 192.168.33.117 metric 100 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.33.0/24 dev ens3 proto kernel scope link src 192.168.33.117 metric 100 
192.168.33.1 dev ens3 proto dhcp scope link src 192.168.33.117 metric 100 
192.168.33.2 dev ens3 proto dhcp scope link src 192.168.33.117 metric 100 
192.168.33.3 dev ens3 proto dhcp scope link src 192.168.33.117 metric 100 
192.168.33.4 dev ens3 proto dhcp scope link src 192.168.33.117 metric 100 

kubectl run -it --rm dnsutils --image=busybox:1.28 --restart=Never -- nslookup kubernetes.default
If you don't see a command prompt, try pressing enter.

Address 1: 10.96.0.10

nslookup: can't resolve 'kubernetes.default'
pod "dnsutils" deleted
pod default/dnsutils terminated (Error)

kubectl get pods -n kube-system -l k8s-app=kube-dns
NAME                       READY   STATUS    RESTARTS        AGE
coredns-55cb58b774-6vb7p   1/1     Running   1 (4h19m ago)   4h38m
coredns-55cb58b774-wtrz6   1/1     Running   1 (4h19m ago)   4h38m

Ping Test

ubuntu@k8s-master-0:~$ kubectl run pod1 --image=busybox:1.28 --restart=Never --command -- sleep 3600
pod/pod1 created
ubuntu@k8s-master-0:~$ kubectl run pod2 --image=busybox:1.28 --restart=Never --command -- sleep 3600
pod/pod2 created

ubuntu@k8s-master-0:~$ kubectl get pods -o wide
NAME   READY   STATUS    RESTARTS   AGE   IP           NODE           NOMINATED NODE   READINESS GATES
pod1   1/1     Running   0          15m   10.244.5.2   k8s-worker-1   <none>           <none>
pod2   1/1     Running   0          15m   10.244.4.2   k8s-worker-3   <none>           <none>
ubuntu@k8s-master-0:~$ kubectl exec -it pod1 -- sh
/ # ping 10.244.5.2
PING 10.244.5.2 (10.244.5.2): 56 data bytes
64 bytes from 10.244.5.2: seq=0 ttl=64 time=0.107 ms
64 bytes from 10.244.5.2: seq=1 ttl=64 time=0.091 ms
64 bytes from 10.244.5.2: seq=2 ttl=64 time=0.090 ms
^C
***
10.244.5.2 ping statistics
***
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.090/0.096/0.107 ms
/ # 10.244.4.2
sh: 10.244.4.2: not found
/ # ping 10.244.4.2
PING 10.244.4.2 (10.244.4.2): 56 data bytes
^C
***
10.244.4.2 ping statistics
***
2 packets transmitted, 0 packets received, 100% packet loss
/ # exit
command terminated with exit code 1

If I understand flannel correctly, it is fine that the pods are in other subnets as the ip routes manage the forwarding.

Do you know about using Kubernetes Debug containers? They're really useful for troubleshooting well-built, locked-down images that are running in your cluster. I was thinking it would be nice if k9s had this feature, and lo and behold, it has a plugin! I just had to add that snippet to my ${HOME}/.config/k9s/plugins.yaml, run k9s, find the pod, press enter to get into the pod's containers, select a container, and press Shift-D. The debug-container plugin uses the nicolaka/netshoot image, which has a bunch of useful tools on it. Easy debugging in k9s!

I got a Kubernetes survey from The Linux Foundation today and it had a question that asked how Kubernetes impacted my professional life. Good question. Here's my answer:

Kubernetes renewed my love for infrastructure and DevOps! As cloud platforms grew more popular, my job function changed; instead of managing services, I was managing "managed" services. I was losing the ability to actually build infrastructure with free, open source software (FOSS), and I was forced to become an expert in proprietary solutions. I switched to FOSS years ago because the idea of writing software for anyone in the world to use and modify - for free - was really inspiring! When I discovered Kubernetes, I was able to work with FOSS infrastructure again! Once I have compute, storage, and networking from the cloud platform, I can install Kubernetes, and actually manage my own services again!

I've been working with Kubernetes since 2015 and I've mangled with handcrafted manifests including almost duplicate manifests for staging/production environments, played around with stuff like Cue, built lots glue (mostly shell script) to automate manifest-handling and -generation and I also enjoy parts of Kustomize. When Helm started to appear it seemed like a terrible hack, especially since it came with the Tiller-dependency to handle Helm-managed state-changes inside of the clusters. And while they dropped Tiller (thankfully), I still haven't made my peace with Helm.

Go-templating it awful to read, a lot of Helm charts don't really work out of the box, charts can be fed values that aren't shown via helm show values ./chart, debugging HelmChart $namespace/$release-$chartname is not ready involves going over multiple logs spread over different parts of the cluster and I could go on and on. And yet, almost every project that goes beyond offering Dockerfile+docker-compose.yaml just releases a Helm Chart for their app.

Am I the only one who is annoyed by Helm? Have I been using it wrongly? Is there something I've been missing?

In case you're a Helm maintainer: Please don't take it personally, my issue is not with the people behind Helm!

The KBOM project provides an initial specification in JSON and has been constructed for extensibilty across various cloud service providers (CSPs) as well as DIY Kubernetes.

Hello world!

I want to release to internet my custom immutable rolling-release extreme-simple Linux distribution for Kubernetes deployments.

I was using this distribution for about the last 6 years on production environments (currently used by a few startups and two country's public services). I really think that it could be stable enough to be public published to internet before 2024.

I'm asking for advice before the public release, as licensing, community building, etc.

A few specs about the distribution:

• Rolling release. Just one file (currently less than ~40Mb) that can be bootable from BIOS or UEFI (+secure boot) environments. You can replace this file by the next release or use the included toolkit to upgrade the distribution (reboot/kexec it). Mostly automated distribution releases by each third-party releases (Linux, Systemd, Containerd, KubeAdm, etc).

• HTTP setup. The initial setup could be configured with a YAML file written anywhere in a FAT32 partition or through a local website installer. You can install the distribution or configure KubeAdm (control-plane & worker) from the terminal or the local website.

• Simple, KISS. Everything must be simple for the user, this must be the most important aspect for the distribution. Just upstream software to run a production ready Kubernetes cluster.

• No money-driven. This distribution must be public, and it must allow to be forked at any time by anyone.

A bit of background:

I was using CoreOS before Redhat bought them. I like the immutable distro and A/B release aspect of the CoreOS distribution. After the Redhat acquisition, the CoreOS distribution was over-bloated. I switched to use my own distribution, built with Buildroot. A few years later, I setup the most basic framework to create a Kubernetes cluster without any headache. It's mostly automated (bots checking for new third-party releases as Linux, Systemd, Containerd, KubeAdm, etc; building, testing & signing each release). I already know that building a distribution is too expensive, because of that I programmed few bots that made this job for me. Now days, I only improve the toolkits, and approve the Git requests from thats bots.

Thank you for your time!

Looking for the best way to learn kubernetes, given that I have plenty of years of engineering (Java, python) and a solid experience with AWS.

any format works - paid/free courses, working through articles, getting started guides, etc..

For benefit of anyone who needs to go back to the basics. Certainly a need I sense in the Kubernetes community around me.

Tried it out in the past couple of days to manage k8s volumes and backups on s3 and it works surprisingly well out of the box. Context: k3s running on multiple raspberry pi

CNCF has posted their playlist from all the talks at the 2022 conference in Detroit

Kubernetes Ingress Controllers Compared. warning takes you to Google docs