Prerequisites for k3s on Ubuntu Linux

Disable and stop firewall

$ sudo ufw status
$ sudo systemctl stop ufw
$ sudo ufw disable

Disable and stop AppArmor

$ sudo systemctl status apparmor
$ sudo systemctl stop apparmor
$ sudo systemctl disable apparmor

Disable systemd-resolved

systemd-resolved is a system service in Linux that serves as a network name resolution manager. Its primary function is to provide network name resolution services to local applications running on the system.

When enabled in k3s installations, systemd-resolved causes issues with communication between the pods, so it needs to be disabled.

The commands below stop and disable systemd-resolved and create a single DNS entry in /etc/resolv.conf. The entry can be adjusted per customer, depending on which DNS server the customer is using:

sudo su -
systemctl disable systemd-resolved.service
systemctl stop systemd-resolved

Then put the following line in the [main] section of your /etc/NetworkManager/NetworkManager.conf to allow a static resolver entry:

Delete the symlink /etc/resolv.conf

Use one of these to restart networking:

And finally:

Note that using sudo will not work here; you need to switch user to root to complete this step.

Customers should use their internal name server (DNS) instead of Google’s 8.8.8.8; please confirm the DNS IP address with the customer. Using a public server may have compliance implications and will not resolve internal host names.

“Unable to resolve host […]” after every command

If you get errors like

You can fix this by setting your hostname in hostnamectl if it isn’t already:

Example:

Then add a line with the hostname pointing to your localhost IP to your /etc/hosts file:

(The original line with localhost doesn’t need to be removed.)

Changes to DNS while k3s is running

If you make any changes to /etc/resolv.conf while k3s is running, your changes will not propagate to coredns, so containers inside k3s will still try to use the old IP to resolve hostnames.

If the old DNS server is no longer running, the following issues will persist even AFTER the DNS IP has been corrected in resolv.conf:
- disconnection from rancher
- not getting updates
- ErrImagePull
- logs of pods such as cattle-cluster-agent-xxxx referring to “lookup” errors and failing to connect to some pod on port 53.

Solution 1: use the /usr/local/bin/k3s-killall.sh script, preferably as root, to not just gracefully stop the k3s service but also stop all pods (including coredns). See Stopping K3s | K3s.

Once this script has finished, you can restart k3s with systemctl start k3s.service.

Solution 2: reboot also works.
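
A check to run before starting or restarting k3s, as an added example that is not part of the original page: it flags the resolv.conf conditions described above (a leftover symlink, a loopback resolver such as the systemd-resolved stub, a public resolver, or no nameserver at all). The function name, the finding labels and the public resolver list beyond 8.8.8.8 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: flag the resolv.conf states this page warns about.
# Prints one finding per line, or "OK" if nothing is flagged.
check_resolv_conf() {
    file=$1
    count=0
    # A symlink means systemd-resolved (or another manager) still owns the file.
    if [ -L "$file" ]; then
        echo "SYMLINK $(readlink "$file")"
        count=$((count + 1))
    fi
    servers=$(awk '$1 == "nameserver" { print $2 }' "$file" 2>/dev/null || true)
    if [ -z "$servers" ]; then
        echo "NO_NAMESERVER"
        count=$((count + 1))
    fi
    for ip in $servers; do
        case $ip in
            # 127.0.0.53 is the systemd-resolved stub; inside a pod, any
            # loopback address points at the pod itself, not the host.
            127.*|::1)
                echo "LOOPBACK $ip"
                count=$((count + 1)) ;;
            # Public resolvers. 8.8.8.8 is from the page; the rest are an
            # assumed, illustrative list to extend per customer policy.
            8.8.8.8|8.8.4.4|1.1.1.1|9.9.9.9)
                echo "PUBLIC $ip"
                count=$((count + 1)) ;;
        esac
    done
    if [ "$count" -eq 0 ]; then
        echo "OK"
    fi
    return 0
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
printf 'nameserver 127.0.0.53\nnameserver 8.8.8.8\nsearch example.internal\n' > "$sample"
check_resolv_conf "$sample"
rm -f "$sample"
# On a node, run as root: check_resolv_conf /etc/resolv.conf
```

If the check reports findings on a node where k3s is already running, correcting /etc/resolv.conf is not enough on its own; apply Solution 1 or Solution 2 afterwards so coredns picks up the change.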


Classified as Getvisibility - Partner/Customer Confidential