FAQ and Troubleshooting
FAQ - Frequently Asked Questions
“How do I login into the cluster?”
Possible symptoms when running a kubectl command
error: You must be logged in to the server (Unauthorized)
or
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Tarook now uses short-lived kubeconfigs. Which means that, instead of commiting them encrypted into the cluster repository, they are not committed at all but instead re-generated from the Vault when they are needed.
You can login to the Tarook cluster with
$ ./managed-k8s/actions/k8s-login.sh
This will generate a kubeconfig that is valid for 8 days (by default). After that, you need to login again.
“How do I ssh into my cluster nodes?”
$ ssh -o UserKnownHostsFile=etc/ssh_known_hosts -i <path to private key> -l <username> <ip address>
- <path to private key>- This should be the path to your private key matching the keypair specified by the environment variable - TF_VAR_keypair.
 
- <username>- This should be the default user of the image you are deploying. 
- By default this should be - debianfor the gateway nodes and- ubuntufor the master and worker nodes.
 
- <ip address>- The gateway, worker and master nodes are all connected in a private network and all have unique private IP addresses. Additionally all gateway nodes are given floating IP addresses. 
- When ssh-ing to one of the gateways you can either use its floating or its private IP address. 
- Master and worker nodes are only accessible using their private IP addresses and the traffic to these nodes is always (transparently) routed via the gateway nodes. 
- The use of a private IP address requires first setting up the wireguard tunnel. - If it is not already up, you can set it up by running the wg-up.sh script. - $ ./managed-k8s/actions/wg-up.sh
 
 
“How can I test my Tarook-Cluster?”
We recommend testing whether your cluster was successfully deployed by manually logging into the nodes and/or by running:
$ ./managed-k8s/actions/test.sh
“How can I delete my Tarook-Cluster?”
You can delete the Tarook-Cluster and all associated OpenStack resources by triggering the destroy.sh script.
Warning
Destroying a cluster cannot be undone.
Note
The configuration of the cluster is neither deleted nor reset.
$ # Destroy the Tarook cluster and delete all OpenStack resources
$ MANAGED_K8S_RELEASE_THE_KRAKEN=true MANAGED_K8S_DISRUPT_THE_HARBOUR=true MANAGED_K8S_NUKE_FROM_ORBIT=true ./managed-k8s/actions/destroy.sh
Troubleshooting
“The apply-all.sh script cannot connect to the host nodes”
Error message: failed to detect a valid login!
- First make sure you can manually connect to the host nodes. 
- You may need to explicitly specify which key Ansible shall use for connections, i.e. the private key file corresponding to the OpenStack key pair specified by the environment variable - TF_VAR_keypairin- ~/.config/yaook-k8s/env.
- You can do this by setting the variable - ansible_ssh_private_key_fileon the command line via the AFLAGS environment variable:- $ AFLAGS='-e ansible_ssh_private_key_file=/path/to/private_key_file' ./managed-k8s/actions/apply-all.sh 
- Further information is available in the upstream documentation on Ansible connections. 
“My private wireguard key cannot be found”
Error message:
cat: '~/.wireguard/wg.key': No such file or directory
- Use an absolute path to specify the - wg_private_key_fileenvironment variable in- ~/.config/yaook-k8s/env.
“I can’t ssh into my cluster nodes”
- Follow the instructions on how to connect to the cluster via ssh. 
- Ensure that your ssh key is in a supported format. 
The Get certificate information task of the k8s-master fails
Error message:
AttributeError: 'builtins.Certificate' object has no attribute '_backend'
- Remove your local Ansible directory but make sure to not remove data you still need so make backup in case (e.g. - mv ~/.ansible ~/.ansible.bak)
- see this issue 
Ansible could not initialize the preferred locale: unsupported locale setting
Ansible requires UTF-8 encoding since v.2.14.0.
Try setting the following in your ~/.config/yaook-k8s/env:
$ [[ -z ${LC_ALL} ]] && { export LC_ALL=C.UTF-8 ; }