Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

error validating "kube-flannel.yml": error validating data: failed to download openapi: #2100

Open
eliassal opened this issue Nov 4, 2024 · 17 comments

Comments

@eliassal
Copy link

eliassal commented Nov 4, 2024

After successful kubadm init, I downloaded from
https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
when I run
kubectl apply -f kube-flannel.yml

I get

error: error validating "kube-flannel.yml": error validating data: failed to download openapi: Get "http://localhost:8080/openapi/v2?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused; if you choose to ignore these errors, turn validation off with --validate=false

Expected Behavior

install this CNI

Your Environment

  • Flannel version: latest as indicated
  • Backend used (e.g. vxlan or udp): not sure
  • Etcd version:
  • Kubernetes version (if used): 1.30
  • Operating System and version: fedora 37
@rbrtbnfgl
Copy link
Contributor

Hi. Did you configure the kubeconfig file used by kubectl right?

@eliassal
Copy link
Author

eliassal commented Nov 7, 2024

Yes I think here is a snapshot of the config file in my .kube folder

image

@rbrtbnfgl
Copy link
Contributor

Could you try with --validate=false flag?

@eliassal
Copy link
Author

Here is the output for the command

sudo kubectl apply -f kube-flannel.yml --validate=false

E1112 18:13:46.123903 4046049 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
E1112 18:13:46.125277 4046049 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
E1112 18:13:46.126409 4046049 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
E1112 18:13:46.127290 4046049 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
E1112 18:13:46.128699 4046049 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
E1112 18:13:46.130407 4046049 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
unable to recognize "kube-flannel.yml": Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
unable to recognize "kube-flannel.yml": Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
unable to recognize "kube-flannel.yml": Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
unable to recognize "kube-flannel.yml": Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
unable to recognize "kube-flannel.yml": Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
unable to recognize "kube-flannel.yml": Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused

@eliassal
Copy link
Author

When I issue the command

kubectl get pods --all-namespaces

I see that the api server is up and running

NAMESPACE     NAME                                     READY   STATUS              RESTARTS        AGE
kube-system   coredns-55cb58b774-pgmk2                 0/1     ContainerCreating   0               7d21h
kube-system   coredns-55cb58b774-xxg25                 0/1     ContainerCreating   0               7d21h
kube-system   etcd-puppetmaster29                      1/1     Running             2               7d21h
kube-system   kube-apiserver-puppetmaster29            1/1     Running             3               7d21h
kube-system   kube-controller-manager-puppetmaster29   1/1     Running             5 (7m19s ago)   7d21h
kube-system   kube-proxy-gt5mp                         1/1     Running             0               7d21h
kube-system   kube-scheduler-puppetmaster29            1/1     Running             5 (7m12s ago)   7d21h

@rbrtbnfgl
Copy link
Contributor

you are using sudo with kubectl apply. When you get root level permission you lost the KUBECONFIG env.

@eliassal
Copy link
Author

OK, do you have an idea how to make it possible without sudo as I always get " need root privilege" when I run without sudo

@rbrtbnfgl
Copy link
Contributor

you need to do a chmod +r on the kubeconfig file

@eliassal
Copy link
Author

Yes, this chmod did the job and I was able to run kubectl without sudo, here is the ouput, is it the correct bahavior?

namespace/kube-flannel created
serviceaccount/flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created

@rbrtbnfgl
Copy link
Contributor

yes

@eliassal
Copy link
Author

But getting issues by issuing kubeadm join on, the 1st node it says i see in it NotReady state when I doi describe node

Node in NotReady State With Message "cni plugin not initialized"

@eliassal
Copy link
Author

Hi, I recreated the cluster but getting always issues with pods indicating failed to find plugin cni loopback in path /opt/cni/bin Is this something that flannel should add?

@rbrtbnfgl
Copy link
Contributor

You should install the CNI plugins

ARCH=$(uname -m)
  case $ARCH in
    armv7*) ARCH="arm";;
    aarch64) ARCH="arm64";;
    x86_64) ARCH="amd64";;
  esac
mkdir -p /opt/cni/bin
curl -O -L https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-$ARCH-v1.5.1.tgz
tar -C /opt/cni/bin -xzf cni-plugins-linux-$ARCH-v1.5.1.tgz

@eliassal
Copy link
Author

Thanks is this all 1 script to run?

@rbrtbnfgl
Copy link
Contributor

Yes it should be enough

@eliassal
Copy link
Author

Thanks, yes this allowed to go through and initially K8s cluster was up and running with 2 flannel pods as you can see in the snapshot
AllPodsonChefOK

but as soon as I joined a worker node, 1 flannel pod was created on that node but failing as follows
AllPodsonChefNotOK

I did a describe and here is the full ouput in the enclosed file
flannelPodFails.txt

@rbrtbnfgl
Copy link
Contributor

The cni bin should be included on each node.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants