FAQ - Kubeopsctl

Known Issues

ImagepullBackoffs in Cluster

if you have imagepullbackoffs in your cluster, p.e. for prometheus, you can just use the kubeopsctl change registry comamnd again. e.g. kubeopsctl change registry -r :30002/library -t localhost:30002/library -f kubeopsctl.yaml

FAQ - KubeOps SINA

Error Messages

There is an error message regarding Remote-Certificate

  • Error: http://hub.kubernative.net/dispatcher?apiversion=3&vlientversion=2.X.0 : 0
  • X means per version
  • CentOS 7 cannot update the version by itself (ca-certificates-2021.2.50-72.el7_9.noarch).
    • Fix: yum update ca-certificates -y or yum update
  • Manual download and install of ca-certificates RPM:
    • Download: curl http://mirror.centos.org/centos/7/updates/x86_64/Packages/ca-certificates-2021.2.50-72.el7_9.noarch.rpm -o ca-certificates-2021.2.50-72.el7_9.noarch.rpm
    • Install: yum install ca-certificates-2021.2.50-72.el7_9.noarch.rpm -y

SINA Usage

Can I use SINA with sudo?

  • At the moment, SINA has no sudo support.
  • Docker and Helm, which are required, need sudo permissions.

I get an error message when I try to search an empty Hub?

  • Known bug, will be fixed in a later release.
  • Need at least one package in the Hub before you can search.

Package Configuration

In my package.yaml, can I use uppercase characters as a name?

  • Currently, only lowercase characters are allowed.
  • This will be fixed in a later release.

I have an error message that says “Username or password contain non-Latin characters”?

  • Known bug, may occur with incorrect username or password.
  • Please ensure both are correct.

In my template.yaml, can I just write a value without an associated key?

  • No, a YAML file requires a key-value structure.

Do I have to use the template plugin in my SINA package?

  • No, you don’t have to use the template plugin if you don’t want to.

I have an error message that says “reference not set to an instance of an object”?

  • Error from our tool for reading YAML files.
  • Indicates an attempt to read a value from a non-existent key in a YAML file.

I try to template but the value of a key stays empty.

  • Check the correct path of your values.
  • If your key contains “-”, the template plugin may not recognize it.
  • Removing “-” will solve the issue.

FAQ - KubeOps LIMA

Error Messages

LIMA 0.10.6 Cluster not ready

  • You have to apply the calico.yaml in the $LIMAROOT folder:
kubectl apply -f $LIMAROOT/calico.yaml

read header failed: Broken pipe

for lima version >= 0.9.0

  • Lima stops in line

ansible Playbook : COMPLETE : Ansible playbooks complete.

  • Search for

in the path Broken pipe. From the line with Broken pipe check if the following lines exist:

debug3: mux_client_read_packet: read header failed: Broken pipe

debug2: Received exit status from master 1

Shared connection to vli50707 closed.


<vli50707> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)


If this is the case, line /etc/ansible/ansible.cfg

in the currently running lima container in file ssh_args =-C -o ControlMaster=auto -o ControlPersist=60s must be commented out or removed.


docker container ls



99cabe7133e5 registry1.kubernative.net/lima/lima:v0.8.0 "/bin/bash" 6 days

ago Up 6 days lima-v0.8.0

docker exec -it 99cabe7133e5 bash

vi /etc/ansible/ansible.cfg 

Change the line ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s to #ssh_args = -C-o ControlMaster=auto -o ControlPersist=60s or delete the line.

I want to delete the cluster master node and rejoin the cluster. When trying to rejoin the node a problem occurs and rejoining fails. What can be done?

To delete the cluster master, we need to set the cluster master to a different master machine first.

  1. On the admin machine: change the IP-Address from the current to new cluster master in:

    1. /var/lima/<name_of_cluster>/clusterStorage.yaml
    2. ~/.kube/config
  2. Delete the node

  3. Delete the images to prevent interference: ctr -n k8s.io i rm $(ctr -n k8s.io i ls -q)

  4. Change IP on new cluster master in

  1. Change IPs in config maps:

    1. kubectl edit cm kubeadm-config -n kube-system
    2. kubectl edit cm kube-proxy -n kube-system
    3. kubectl edit cm kubeadm-config -n kube-system
    4. kubectl edit cm cluster-info -n kube-public
  2. Restart kubelet

  3. Rejoin the node

Using LIMA on RHEL8 fails to download metadata for repo “rhel-8-for-x86_64-baseos-rpms”. What should I do?

This is a common problem which happens now and then, but the real source of error is difficult to identify. Nevertheless, the workaround is quick and easy: clean up the current repo data, refresh the subscription-manager and update the whole operating system. This can be done with the following commands:

dnf clean all

rm -frv /var/cache/dnf

subscription-manager refresh

dnf update -y

How does LIMA handle SELinux?

SELinux will be temporarily deactivated during the execution of LIMA tasks. After the execution is finished, SELinux is automatically reactivated. This indicates you are not required to manually enable SELinux every time while working with LIMA.


  1. They are responsible for updating the loadbalancer, you can update them manualy and delete the pod

  2. You can try redeploying the deamonset to the kube-system namespace

I can not upgrade past KUBERNETES 1.21.X

  1. Please make sure you only have the latest dependancy packages for your enviroment in your /packages folder.

  2. It could be related to this kubernetes bug https://v1-22.docs.kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/

  3. Try upgrading past 1.21.x manualy

My master can not join, it fails when creating /ROOT/.KUBE

try the following commands on the master

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config 

Some nodes are missing the loadbalancer

  1. Check if the Loadbalancer staticPod file can be found in the manifest folder of the node.

  2. If it isn’t there please copy it from another node.

Some nodes didn’t upgrade. What to do now?

  1. Retry to upgrade your cluster.

  2. If LIMA thinks you are already on the target version edit the stored data of your cluster at $LIMAROOT/myClusterName/clusterStorage.yaml.

    Set the Key kubernetesVersion to the lowest kubernetes Version present on a Node in your cluster.

Could not detect a supported package manager from the followings list: [‘PORTAGE’, ‘RPM’, ‘PKG’, ‘APT’], or the required PYTHON library is not installed. Check warnings for details.

  1. Check if you got a package manager.

  2. You have to install python3 with yum install python and then create a symlink from python to python3 with update-alternatives --config python.

Aborting, target uses SELINUX but PYTHON bindings (LIBSELINUX-PYTHON) aren’t installed!

You have to install libselinux-python on your cluster machine so you can install a firewall via LIMA.

FAQ - KubeOps PIA

The httpd service is terminating too long. How can I force the shut down?

  1. Use following command to force shut down httpd service:
kubectl delete deployment pia-httpd –grace-period=0 –force
  1. Most deployments got a networking service like our httpd does.

Delete the networking service with the command:

kubectl delete svc pia-httpd-service –grace-period=0 –force

I get the error that some nodes are not ‘Ready’. How do I fix the problem?

  1. Use kubectl get nodes command to find out first which node is not ready.

  2. To identify the problem, get access to the shell of the non-ready node . Use systemctl status kubelet to get status information about state of kubelet.

  3. The most common cause of this error is that the kubelet has the problem of not automatically identify the node. In this case, the kubelet must be restarted manually on the non-ready machine. This is done with systemctl enable kubelet and systemctl start kubelet.

  4. If the issue persists, reason behind the error can be evaluated by your cluster administrators.


Support of S3 storage configuration doesn’t work

At the moment, the sina-package rook-ceph:1.1.2 (utilized in kubeOps 1.1.3) is employing a Ceph version with a known bug that prevents the proper setup and utilization of object storage via the S3 API. If you require the functionality provided by this storage class, we suggest considering the use of kubeOps 1.0.7. This particular version does not encounter the aforementioned issue and provides comprehensive support for S3 storage solutions.

Change encoding to UTF-8

Please make sure that your uservalues.yaml is using UTF-8 encoding.

If you get issues with encoding, you can change your file to UTF-8 with the following command:

iconv -f UTF-8 -t ISO-8859-1 uservalues.yaml > uservalues.yaml

How to update Calico Multus?

  1. Get podSubnet located in clusterStorage.yaml ($LIMAROOT/<clustername>/clusterStorage.yaml)

  2. Create a values.yaml with key=>podSubnet an value=>



  3. Get the deployment name of the current calicomultus installation with the sina list- command


| Deployment | Package | PublicHub | Hub |


| 39e6da | local/calicomultus:0.0.1 |        | local |
  1. Update the deployment with
sina update lima/calicomultus:0.0.2 --dname <yourdeploymentname> --hub=public -f values.yaml

–dname: important parameter mandatory for the update command.

-f values.yaml: important that the right podSubnet is being used.

Known issue:

error: resource mapping not found for name: calico-kube-controllers namespace:co.yaml: no matches for kind PodDisruptionBudget in version policy/v1beta1

ensure CRDs are installed first

Create Cluster-Package with firewalld:

If you want to create a cluster with firewalld and the kubeops/clustercreate:1.0. - package you have to manually pull the firewalld - maintenance - package for your OS first, after executing the kubeops/setup:1.0.1 - package.

Opensearch pods do not start:

If the following message appears in the Opensearch pod logs, the vm.max_map_count:

ERROR: [1] bootstrap checks failed

[1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

On all control-plane and worker nodes the line vm.max_map_count=262144 must be added to the file /etc/sysctl.conf.

After that the following command must be executed in the console on all control-plane and worker nodes: sysctl -p

Finally, the Opensearch pods must be restarted.


Known issue:

Upgrading the kubernetes version within the cluster is with the current Beta3 release not possible. It will be fixed in the next release. HA capability only after 12h, for earlier HA capability manually move the file /etc/kubernetes/manifest/haproxy.yaml out of the folder and back in again