SUSE Support

Here When You Need Us

RKE2 vSphere cluster provisioning failing, with failing kube-apiserver healthchecks due to inability to resolve localhost

This document (000021462) is provided subject to the disclaimer at the end of this document.

Environment

Rancher 2.7.x

Rancher 2.8.x


Situation



Symptoms
  •   High number restarts  of the core pods
NAMESPACE      NAME                                           READY   STATUS     RESTARTS            
cattle-fleet-system fleet-agent-cc8c97f97-bvx78               1/1    Running      185
cattle-system cattle-cluster-agent-b1460cbd-8ct5c             1/1    Running      115
cattle-system cattle-cluster-agent-b1460cbd-l2l8l             1/1    Running      168
kube-system kube-apiserver-cluster-suse-cp-f777105c-2qgvh     0/1    Running      314
kube-system kube-controller-manager-cluster-suse-cp-5c-2qgvh  1/1    Running      491
kube-system cloud-controller-manager-cluster-suse-cp-5c-2qgvh 1/1    Running      501
  •  The apiserver pod flaps between ready and not ready status
NAMESPACE              NAME                                 READY   STATUS     RESTARTS 

kube-system kube-apiserver-cluster-suse-cp-f777105c-2qgvh     0/1   Running    314
  • The kubelet logs register failing probes against the kube-apiserver.

Resolution

1) Enable kubelet debug logging

  1. Click ☰ > Cluster Management.

  2. Go to the cluster you want to configure and click ⋮ > Edit Config.

  3. Advanced > Additional Kubelet Args > Add v=9 under For all machines, use Kubelet args

image.png
 

2) Replicate the livenenessProbe and check the kubelet logs

   2.1 Open an SSH session to a master node
   2.2 Execute the command to simulate livenessProbe for kube-apiserver in the cluster
/var/lib/rancher/rke2/bin/crictl --runtime-endpoint unix:///run/k3s/containerd/containerd.sock exec $(/var/lib/rancher/rke2/bin/crictl --runtime-endpoint unix:///run/k3s/containerd/containerd.sock ps | grep kube-apiserver | awk '{print $1}') kubectl get --server=https://localhost:6443/ --client-certificate=/var/lib/rancher/rke2/server/tls/client-kube-apiserver.crt --client-key=/var/lib/rancher/rke2/server/tls/client-kube-apiserver.key --certificate-authority=/var/lib/rancher/rke2/server/tls/server-ca.crt --raw=/livez


   2.3 Open another SSH sessionn to the same master node and check the logs

tail -f /var/lib/rancher/rke2/agent/logs/kubelet.log | grep kube-apiserver
 Check the DNS resolution and DNS lookups.


 

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021462
  • Creation Date: 05-Jun-2024
  • Modified Date:06-Feb-2025
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community
tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Support FAQ
tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center