when waiting for certificates relation, status messages are unhelpful
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Kubernetes Control Plane Charm |
Fix Released
|
Medium
|
Martin Kalcok | ||
| Kubernetes Worker Charm |
Fix Released
|
Medium
|
Martin Kalcok | ||
Bug Description
== Quick summary:
* Juju 2.7.5 (from 2.7/candidate channel)
* k8s deployed on top of bionic-stein
* Kubernetes channel: 1.17/stable
* All k8s services deployed except vault
* Several minutes later, vault application is also deployed
* Hours later, vault is unsealed
* after the weekend, kubernetes-master machines were removed and bundle redeployed, getting the same status
* "juju status --format yaml": https:/
== Longer explanation
Status showed that kubernetes-master was: Waiting for master components to start.
I tried to remove the relation between vault<-
https:/
I removed the following applications (had to "juju resolve --no-retry" on each -relation-departed, -broken, stop hook, etc.) and redeployed them again (all of them running on 2 nova instances):
* 2x units of kubernetes-master
* 1x easyrsa/0
* 1x openstack-
After redeployment (nova instances were recreated), "juju status" looks the same:
https:/
"journalctl -xe" shows:
Mar 23 09:57:24 juju-f5d4f1-
~# ls /root/cdk/
audit basic_auth.csv known_tokens.csv serviceaccount.key
| Alvaro Uria (aluria) wrote | #1 |
| George Kraft (cynerva) wrote | #2 |
| summary: |
- Fresh k8s deployment, and later Vault deployment + unseal: Waiting for - master components to start + when certificates relation is missing, "Waiting for master components to + start" status message is unclear |
| summary: |
when certificates relation is missing, "Waiting for master components to - start" status message is unclear + start" status message is unhelpful |
| Changed in charm-kubernetes-master: | |
| importance: | Undecided → Medium |
| status: | New → Triaged |
| summary: |
- when certificates relation is missing, "Waiting for master components to - start" status message is unhelpful + when certificates relation is missing or stalled, "Waiting for master + components to start" status message is unhelpful |
| summary: |
- when certificates relation is missing or stalled, "Waiting for master - components to start" status message is unhelpful + when waiting for certificates relation, "Waiting for master components + to start" status message is unhelpful |
| George Kraft (cynerva) wrote | #3 |
| summary: |
- when waiting for certificates relation, "Waiting for master components - to start" status message is unhelpful + when waiting for certificates relation, status messages are unhelpful |
| Changed in charm-kubernetes-worker: | |
| importance: | Undecided → Medium |
| status: | New → Triaged |
| Changed in charm-kubernetes-master: | |
| assignee: | nobody → Martin Kalcok (martin-kalcok) |
| Changed in charm-kubernetes-worker: | |
| assignee: | nobody → Martin Kalcok (martin-kalcok) |
| tags: |
added: backport-needed removed: review-needed |
| Changed in charm-kubernetes-master: | |
| status: | Triaged → Fix Committed |
| Changed in charm-kubernetes-worker: | |
| status: | Triaged → Fix Committed |
| Changed in charm-kubernetes-master: | |
| milestone: | none → 1.20+ck1 |
| Changed in charm-kubernetes-worker: | |
| milestone: | none → 1.20+ck1 |
| Changed in charm-kubernetes-master: | |
| status: | Fix Committed → Fix Released |
| Changed in charm-kubernetes-worker: | |
| status: | Fix Committed → Fix Released |
I initially escalated to ~field-critical but have now de-escalated it after some help in #k8s irc channel.
Several vault:certificates relations were missing. I followed the shared doc [1] by cynerva, and things started working.
FWIW, both easyrsa:
1. https:/