Jul 28, 2023

Hello, I checked the prerequisites and successfully deployed the appliance, but it is not working:

* kubectl get pods -A returns connection to localhost:8080 was refused
* kubectl config view returns clusters: null and contexts: null.
* None of the endpoints (/bootstrap, /top, /events, /webhook) are available.

What am I doing wrong?
Thank you!

Jul 28, 2023

More info:

* vCenter version is 6.7.0
* First message on bootup is: "systemd[1]: Failed to start Load AppArmor profiles."
* I can log in as root from the CLI and successfully ping the DNS, NTP, gateway and proxy servers.

Any help is appreciated.

Jul 14, 2023

I just realized this appliance is internet-enabled to get the latest pods. Is there a way to install this on a dark site?

Jul 14, 2023

That's incorrect. By design, it supports air-gap as all containers required for setup are pre-pulled as part of the appliance.

Jul 17, 2023

You are right, I checked the images and they are all accounted for. I did not have the right command to look them up without a working control plane, but I figured it out.
registry.k8s.io/coredns/coredns v1.9.3
registry.k8s.io/etcd 3.5.6-0
registry.k8s.io/kube-apiserver v1.25.5
registry.k8s.io/kube-controller-manager v1.25.5
registry.k8s.io/kube-proxy v1.25.5
registry.k8s.io/kube-scheduler v1.25.5

So I tried deploying this appliance a lot of times now. Went back to a simple config with a hostname, only 1 DNS server and NTP; however, in an offline environment it fails every time trying to set up the control plane:

[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4

[kubelet-check] Initial timeout of 40s passed.

couldn't initialize a Kubernetes cluster
error execution phase wait-control-plane

And no containers have been created. Went through the "/root/setup/setup-04-kubernetes.sh" and emulated the same command (after a kubeadm reset), i.e.:
"kubeadm init --ignore-preflight-errors SystemVerification --skip-token-print --config /root/config/kubernetes/kubeconfig.yaml"

But same error and cannot figure out what the problem is. Even with logging on v=5 only the above mentioned errors come up and nothing else.

I'll try this tonight on my homelab with internet to see if that works. I have a hunch that it still wants to download something but there is no log indication.

Jul 17, 2023

I found the problem and confirmed my assumption.
There is an entry in "/etc/containerd/config.toml" with an old image under the value: sandbox_image.

- Changed it to: sandbox_image = "registry.k8s.io/pause:3.8"
- Restarted containerd: systemctl restart containerd
- reset kubeadm workspace: kubeadm reset --force
- executed the "kubeadm init --ignore-preflight-errors SystemVerification --skip-token-print --config /root/config/kubernetes/kubeconfig.yaml"

Went through without a hitch, I feel there is a need for a 0.7.6 with a small adjustment :p
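
The check behind the fix in the post above, as an added example that is not part of the original post or the VEBA project: it reads `sandbox_image` from a containerd config and reports whether that image is in a list of locally stored images. The function names, the `registry.example/pause:STALE` placeholder and the sample image list (including the `pause 3.8` line) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the VEBA project): verify that the sandbox (pause)
# image containerd is configured to use is already in the local image store.

# Print the sandbox_image value from a containerd config.toml ($1).
sandbox_image() {
    sed -n 's/^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# image_present REF LIST: succeed if REF (repo:tag) is in LIST, whose lines are
# either "repo tag ..." (as in the listing in the post) or "repo:tag".
image_present() {
    awk -v want="$1" '
        { ref = (NF >= 2) ? $1 ":" $2 : $1 }
        ref == want { found = 1 }
        END { exit found ? 0 : 1 }' "$2"
}

# check_sandbox CONFIG LIST: 0 = pre-pulled, 1 = missing, 2 = not configured.
check_sandbox() {
    img=$(sandbox_image "$1")
    if [ -z "$img" ]; then
        echo "no sandbox_image set in $1"; return 2
    fi
    if image_present "$img" "$2"; then
        echo "OK: $img is in the local image store"; return 0
    fi
    echo "MISSING: $img is not local; containerd would have to pull it"; return 1
}

# Constructed sample data: a config with a placeholder stale value, and an
# image list in the post's format plus an assumed pause:3.8 entry.
make_sample() {
    printf '%s\n' '[plugins."io.containerd.grpc.v1.cri"]' \
        '  sandbox_image = "registry.example/pause:STALE"' > "$1/config.toml"
    printf '%s\n' 'registry.k8s.io/etcd 3.5.6-0' \
        'registry.k8s.io/kube-apiserver v1.25.5' \
        'registry.k8s.io/pause 3.8' > "$1/images.txt"
}

# Demo on the constructed data: run as `sh check.sh demo`.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d); make_sample "$d"
    check_sandbox "$d/config.toml" "$d/images.txt" || true
    rm -rf "$d"
fi
```

On a real host the second argument would be a saved image listing, for example the output of `crictl images` if that tool is installed (an assumption about the appliance).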

Jul 13, 2023

Is it possible to secure the /event and /top endpoints, as critical infrastructure information may be exposed if there isn't any form of authentication?

Jul 13, 2023

All endpoints are behind auth, which you configure as part of the deployment :) Once you've authenticated once, then it won't re-prompt

Jul 13, 2023

How do I configure auth for the /event endpoint? I haven't found any such way to configure it. This is for the endpoint backed by the sockeye service

Jul 13, 2023

You don't configure the individual endpoints, it simply uses the root password that you specify for the VEBA appliance and then uses that for authorization

Jun 09, 2023

Are you sure you're providing a working appliance here? I deployed the current .ova (version 0.7.5), via vCenter 8.0.1 on ESXi 8.0.1, but it only comes up half-baked: I can log in (via console or SSH), but no web server or anything else seems to be running.

According to your troubleshooting guide, kubectl get pods -A should give a list of running pods, but instead it just says connection to localhost:8080 refused.

Jul 03, 2023

I've got the same issue on 0.7.5.

root@xyz[ ~ ]# kubectl get pods -A
The connection to the server localhost:8080 was refused - did you specify the right host or port?

I tried to deploy it 2 times, same result. I used exactly the same configuration as I had on 0.7.4.

Jun 09, 2023

Are you sure you've met all the pre-reqs and that your input doesn't have any errors, such as incorrect DNS entries, etc? Have you checked that you don't have any conflicting networks that may collide with the default POD CIDR Network?

We've got many, many users who've all successfully deployed over the years and not had issues. I suspect you've either provided bad input or have conflicts in your network that would prevent k8s from properly starting up.