Skip to main content

I try to install kasten on centos 7 and it failed at the preflight checks step as below:
  ~]# kubectl version --short
       Client Version: v1.21.14
       Server Version: v1.21.14
 

curl https://docs.kasten.io/tools/k10_primer.sh | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  7113  100  7113    0     0   9932      0 --:--:-- --:--:-- --:--:--  9920
Namespace option not provided, using default namespace
Checking for tools
 --> Found kubectl
 --> Found helm
Checking if the Kasten Helm repo is present
 --> The Kasten Helm repo was found
Checking for required Helm version (>= v3.0.0)
 --> No Tiller needed with Helm v3.10.1
K10Primer image
 --> Using Image (gcr.io/kasten-images/k10tools:5.0.11) to run test
Checking access to the Kubernetes context kubernetes-admin@kubernetes
 --> Able to access the default Kubernetes namespace
K10 Kanister tools image
 --> Using Kanister tools image (ghcr.io/kanisterio/kanister-tools:0.83.0) to run test

Running K10Primer Job in cluster with command-
     ./k10tools primer
serviceaccount/k10-primer created
clusterrolebinding.rbac.authorization.k8s.io/k10-primer created
job.batch/k10primer created
Waiting for pod k10primer-5s2zs to be ready - ContainerCreating
Waiting for pod k10primer-5s2zs to be ready - ContainerCreating
Pod Ready!

Kubernetes Version Check:
  Get "https://10.96.0.1:443/version": dial tcp 10.96.0.1:443: connect: no route to host  -  Error

RBAC Check:
  Get "https://10.96.0.1:443/api": dial tcp 10.96.0.1:443: connect: no route to host  -  Error

Aggregated Layer Check:
  Get "https://10.96.0.1:443/api": dial tcp 10.96.0.1:443: connect: no route to host  -  Error

CSI Capabilities Check:
  Failed to load provisioners (Get "https://10.96.0.1:443/apis/storage.k8s.io/v1/storageclasses": dial tcp 10.96.0.1:443: connect: no route to host)  -  Error

Error loading provisioners and storage classes: Get "https://10.96.0.1:443/apis/storage.k8s.io/v1/storageclasses": dial tcp 10.96.0.1:443: connect: no route to host
Validate Generic Volume Snapshot:
  failed to create pod ({"message":"given namespace doesn't exist","function":"kasten.io/k10/kio/tools/k10primer.(*gvsPodOperator).createAndWait","linenumber":146,"file":"kasten.io/k10/kio/tools/k10primer/validate_gvs.go:146","fields":r{"name":"namespace","value":"default"}]})  -  Error

serviceaccount "k10-primer" deleted
clusterrolebinding.rbac.authorization.k8s.io "k10-primer" deleted
job.batch "k10primer" deleted
 

Hello ibrahim,

 

So looking at the above it seems to show that when primer is attempting to run the API’s that the primer is failing to access 10.96.0.1. Could you please let me know what 10.96.0.1 is in your environment. 

 

Thanks

Emmanuel


Hello Emmanuel,
   
   I  think that 10.96.0.1 is the IP for calico CNI plugin 
    
     
   # Kubeconfig file for Calico CNI plugin. Installed by calico/node.
   apiVersion: v1
   kind: Config
   clusters:
   - name: local
     cluster:
       server: https://10.96.0.1:443

Also when i tried to curl on the mentioned API’s it works as per the below:
   curl https://10.96.0.1:443/version -k
{
  "major": "1",
  "minor": "21",
  "gitVersion": "v1.21.14",
  "gitCommit": "0f77da5bd4809927e15d1658fb4aa8f13ad890a5",
  "gitTreeState": "clean",
  "buildDate": "2022-06-15T14:11:36Z",
  "goVersion": "go1.16.15",
  "compiler": "gc",
  "platform": "linux/amd64"


 


Hello,
   ~]$ sudo kubectl get services
         NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
         kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   5h29m

Its the ip of the clusterIp service
 


Any update


@ibrahim elbehery Yes as per your output, the ip is the kubernetes service endpoint, that gets used internally by all the services in the cluster to connect with the kube-apiserver.

This usually is not exposed externally. In this case, you are trying to run the primer script, with the kubeconfig file pointing to this ip address where it is not reachable.

If your apiserver is exposed, you could prepare a kubeconfig with that endpoint and then run the primer script.

Primer script expects to you be able to connect to your apiserver with the kubeconfig and can create resources like pods, serivceaccount, pvcs etc.


Hello Jaiganesh,

   apiserver is not exposed


Comment