ETCD not Initialising Over Masters due to Active Firewall

Problem

Nodelet phases failing to start ETCD, causing failure in cluster creation.
ETCD failing to communicate with peers due to connection timeout.

{"log":"{\"level\":\"warn\",\"ts\":\"2024-06-12T14:51:55.76627Z\",\"caller\":\"rafthttp/probing_status.go:68\",\"msg\":\"prober detected unhealthy status\",\"round-tripper-name\":\"ROUND_TRIPPER_SNAPSHOT\",\"remote-peer-id\":\"6d7106e150141fa6\",\"rtt\":\"0s\",\"error\":\"dial tcp X.X.X.X:2380: i/o timeout\"}<br>","stream":"stderr","time":"2024-06-12T14:51:55.76642038Z"}

Environment

Platform9 Managed Kubernetes - v5.0 and Higher

Cause

The involved hosts have firewall enabled over them causing disruption in ETCD-API communication.

Resolution

Firewall across all the hosts needs to be disabled as a prerequisite to successfully create a PMK cluster.

# systemctl stop firewalld
# systemctl disable firewalld

Additional Information

Official documentation

PreviousThe certificate being used by the k8s API server on port 443 is an untrusted certificate.NextNodelet Initiating Stop Chain on Failure due to Third Party Webhook

Last updated 4 months ago

Good morning

hashtagProblem

hashtagEnvironment

hashtagCause

hashtagResolution

hashtagAdditional Information

Problem

Environment

Cause

Resolution

Additional Information