Comments (7)
jdinsel-xealth
commented on August 15, 2024
See also #11073 and #11699. We also experienced this issue on AWS after upgrading linkerd-control-plane from v1.16.4. It does not reproduce in v1.16.4 (stable-2.14.3). We've witnessed it in all of the stable versions released after that.
from linkerd2.
alpeb
commented on August 15, 2024
It's possible that this setup doesn't leave enough time for the linkerd-cni DaemonSet to become ready before the linkerd control plane in deployed, which is addressed by #11699. However, even with that fix in, you might bump into the Talos issue #7945, for which an fix is being looked at in linkerd/linkerd2-proxy-init#264. Please check if you don't have access to the nsenter binary in your system to see if that's indeed the case.
from linkerd2.
jdinsel-xealth
commented on August 15, 2024
However, even with that fix in, you might bump into the Talos issue #7945, for which an fix is being looked at in linkerd/linkerd2-proxy-init#264. Please check if you don't have access to the
nsenterbinary in your system to see if that's indeed the case.
For us, I don't believe we're hitting the Talos issue described in the link. We're able to get the linkerd-network-validator to start by deleting the pod that is stuck in the crash loop. In almost all circumstances, the pod starts successfully when it's recreated.
from linkerd2.
olix0r
commented on August 15, 2024
@wibed Please note that you posted issuer private key credentials:
keyPEM: | -----BEGIN EC PRIVATE KEY----- MHcCAQEEIFJn8Sq4KD1RYRIatP8DFyqxzbP+CjHrksQ6M3abPdl6oAoGCCqGSM49 AwEHoUQDQgAEEsmkb8EdoCdLL0bMXpP8zvmn3iSwJGJk7LwdqOBeUu0NpSvrnIZd wf+WPBQiJ2QSb98KBC8lSjfQ1ThNbj0V4A== -----END EC PRIVATE KEY-----
These credentials could be used to forge certificates for your cluster. You should make sure to regenerate these credentials before using them in a real environment.
from linkerd2.
wibed
commented on August 15, 2024
@wibed Please note that you posted issuer private key credentials:
keyPEM: | -----BEGIN EC PRIVATE KEY----- MHcCAQEEIFJn8Sq4KD1RYRIatP8DFyqxzbP+CjHrksQ6M3abPdl6oAoGCCqGSM49 AwEHoUQDQgAEEsmkb8EdoCdLL0bMXpP8zvmn3iSwJGJk7LwdqOBeUu0NpSvrnIZd wf+WPBQiJ2QSb98KBC8lSjfQ1ThNbj0V4A== -----END EC PRIVATE KEY-----These credentials could be used to forge certificates for your cluster. You should make sure to regenerate these credentials before using them in a real environment.
i know, this is for you to avoid the necessity to google openssl commands... again.
these arent production credentials. (its play-dough man =))
from linkerd2.
alpeb
commented on August 15, 2024
@jdinsel-xealth for your specific case, that's gonna get addressed with the cni-repair controller (#11699), that should be included in an edge release as soon as that merges.
from linkerd2.
wibed
commented on August 15, 2024
i dont think either, as i believe the cni has not correctly been dispatched on the host as assumed.
i am not sure how to approach this on talos and am no longer interested in looking for a solution.
kindly reopen if someone wants to take my place.
from linkerd2.
Related Issues (20)
- policy: Support Gateway API GRPCRoute resources
- proxy: expose `clock_time_seconds` metric
- Linkerd destination policy container stalls after connection timeout with API server HOT 1
- Linkerd service profiles doesn't show any data in Linkerd route dashboards in grafana. HOT 2
- Linkerd does not inject proxy containers with custom CNI on AWS HOT 9
- After node restart linkerd-cni pod hast to be restarted sometimes HOT 4
- Default Server policy on linkerd-jaeger prohibits jaeger-ui access HOT 1
- Headless endpoint mirrors are incorrectly cleaned up as part of GC
- timestamp is in weird format HOT 2
- BadSignature error when using ec with key_bits 512 (works with 256) HOT 2
- CPU Spikes when upgrading to 2.4.10 from 2.4.0 HOT 3
- Linkerd CNI pods not aware about the OIDC signing key auto-rotation by AKS|
- PodMonitor linkerd-proxy - Creates duplicate timestamp metric labels
- `linkerd-destination` OOMKilled due to discovery spike in linkerd P2P multicluster, renders cluster inoperable HOT 5
- HTTPRoute intermittently fails to distribute traffic HOT 6
- Intermittent routing failures with HTTPRoute HOT 12
- Linkerd-proxy logging full header contents of incoming http requests for log level debug and trace. HOT 3
- Allow port ranges in dynamic authorization policy resources
- Prometheus metrics scrapes of `linkerd-proxy` are not TLS protected (occassionally) HOT 6
- Change default `cr.l5d.io` to `ghcr.io`? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from linkerd2.