|
1 | 1 | --- |
2 | 2 | title: "Troubleshoot extension issues for Azure Arc-enabled Kubernetes clusters" |
3 | | -ms.date: 12/15/2023 |
| 3 | +ms.date: 12/19/2023 |
4 | 4 | ms.topic: how-to |
5 | 5 | description: "Learn how to resolve common issues with Azure Arc-enabled Kubernetes cluster extensions." |
6 | 6 | --- |
@@ -113,12 +113,37 @@ az k8s-configuration create <parameters> --debug |
113 | 113 |
|
114 | 114 | ## Azure Monitor Container Insights |
115 | 115 |
|
116 | | -[Azure Monitor Container Insights](/azure/azure-monitor/containers/container-insights-enable-arc-enabled-clusters?toc=%2Fazure%2Fazure-arc%2Fkubernetes%2Ftoc.json&bc=%2Fazure%2Fazure-arc%2Fkubernetes%2Fbreadcrumb%2Ftoc.json&tabs=create-cli%2Cverify-portal) requires its DaemonSet to run in privileged mode. To successfully set up a Canonical Charmed Kubernetes cluster for monitoring, run the following command: |
| 116 | +This section provides help troubleshooting issues with [Azure Monitor Container Insights for Azure Arc-enabled Kubernetes clusters](/azure/azure-monitor/containers/container-insights-enable-arc-enabled-clusters?toc=%2Fazure%2Fazure-arc%2Fkubernetes%2Ftoc.json&bc=%2Fazure%2Fazure-arc%2Fkubernetes%2Fbreadcrumb%2Ftoc.json&tabs=create-cli%2Cverify-portal). |
| 117 | + |
| 118 | +### Enabling privileged mode for Canonical Charmed Kubernetes cluster |
| 119 | + |
| 120 | +Azure Monitor Container Insights requires its DaemonSet to run in privileged mode. To successfully set up a Canonical Charmed Kubernetes cluster for monitoring, run the following command: |
117 | 121 |
|
118 | 122 | ```console |
119 | 123 | juju config kubernetes-worker allow-privileged=true |
120 | 124 | ``` |
121 | 125 |
|
| 126 | +### Unable to install Azure Monitor Agent (AMA) on Oracle Linux 9.x |
| 127 | + |
| 128 | +When trying to install the Azure Monitor Agent (AMA) on an Oracle Linux (RHEL) 9.x Kubernetes cluster, the AMA pods and the AMA-RS pod might not work properly due to the `addon-token-adapter` container in the pod. With this error, when checking the logs of the `ama-logs-rs` pod, `addon-token-adapter container`, you see output similar to the following: |
| 129 | + |
| 130 | +```output |
| 131 | +Command: kubectl -n kube-system logs ama-logs-rs-xxxxxxxxxx-xxxxx -c addon-token-adapter |
| 132 | + |
| 133 | +Error displayed: error modifying iptable rules: error adding rules to custom chain: running [/sbin/iptables -t nat -N aad-metadata --wait]: exit status 3: modprobe: can't change directory to '/lib/modules': No such file or directory |
| 134 | +
|
| 135 | +iptables v1.8.9 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?) |
| 136 | +
|
| 137 | +Perhaps iptables or your kernel needs to be upgraded. |
| 138 | +``` |
| 139 | + |
| 140 | +This error occurs because installing the extension requires the `iptable_nat` module, but this module isn't automatically loaded in Oracle Linux (RHEL) 9.x distributions. |
| 141 | + |
| 142 | +To fix this issue, you must explicitly load the `iptables_nat` module on each node in the cluster, using the `modprobe` command `sudo modprobe iptables_nat`. After you have signed into each node and manually added the `iptable_nat` module, retry the AMA installation. |
| 143 | + |
| 144 | +> [!NOTE] |
| 145 | +> Performing this step does not make the `iptables_nat` module persistent. |
| 146 | +
|
122 | 147 | ## Azure Arc-enabled Open Service Mesh |
123 | 148 |
|
124 | 149 | This section provides commands that you can use to validate and troubleshoot the deployment of the [Open Service Mesh (OSM)](tutorial-arc-enabled-open-service-mesh.md) extension components on your cluster. |
|
0 commit comments