Pod's can't communicate with kube-apiserver in multi master cluster
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Magnum |
Fix Released
|
Undecided
|
Spyros Trigazis |
Bug Description
I have deployed k8s cluster using magnum with 3 masters and 3 nodes:
[DEV]root@
NAME STATUS AGE VERSION
k8s-test-
k8s-test-
k8s-test-
k8s-test-
k8s-test-
k8s-test-
But it looks like there is problem with authenticating to kube-apiserver from pods.
In coredns logs I see:
E0110 10:11:07.239014 5 reflector.go:214] github.
rovide credentials (get endpoints)
E0110 10:11:07.239326 5 reflector.go:214] github.
vide credentials (get services)
E0110 10:11:07.239455 5 reflector.go:214] github.
rovide credentials (get namespaces)
In dashboard logs I see:
[DEV]root@
Using HTTP port: 9090
Creating API server client for https:/
Error while initializing connection to Kubernetes apiserver. This most likely means that the cluster is misconfigured (e.g., it has invalid apiserver certificates or service accounts configuration) or the --apiserver-host param points to a server that does not exist. Reason: the server has asked for the client to provide credentials
Refer to the troubleshooting guide for more information: https:/
When I deploy helm in tiller logs I see:
[tiller] 2018/01/10 10:44:07 preparing install for
[storage] 2018/01/10 10:44:07 getting release "muddled-
[storage/driver] 2018/01/10 10:44:07 get: failed to get "muddled-
[tiller] 2018/01/10 10:44:07 info: generated name muddled-woodpecker is taken. Searching again.
[storage] 2018/01/10 10:44:07 getting release "guilded-fish.v1"
[storage/driver] 2018/01/10 10:44:07 get: failed to get "guilded-fish.v1": the server has asked for the client to provide credentials (get configmaps guilded-fish.v1)
[tiller] 2018/01/10 10:44:07 info: generated name guilded-fish is taken. Searching again.
[storage] 2018/01/10 10:44:07 getting release "foiled-bunny.v1"
[storage/driver] 2018/01/10 10:44:07 get: failed to get "foiled-bunny.v1": the server has asked for the client to provide credentials (get configmaps foiled-bunny.v1)
[tiller] 2018/01/10 10:44:07 info: generated name foiled-bunny is taken. Searching again.
[storage] 2018/01/10 10:44:07 getting release "yodeling-
[storage/driver] 2018/01/10 10:44:07 get: failed to get "yodeling-
[tiller] 2018/01/10 10:44:07 info: generated name yodeling-antelope is taken. Searching again.
[storage] 2018/01/10 10:44:07 getting release "anxious-kiwi.v1"
[storage/driver] 2018/01/10 10:44:07 get: failed to get "anxious-kiwi.v1": the server has asked for the client to provide credentials (get configmaps anxious-kiwi.v1)
[tiller] 2018/01/10 10:44:07 info: generated name anxious-kiwi is taken. Searching again.
[tiller] 2018/01/10 10:44:07 warning: No available release names found after 5 tries
[tiller] 2018/01/10 10:44:07 failed install prepare step: no available release name found
Changed in magnum: | |
status: | New → Confirmed |
Changed in magnum: | |
assignee: | nobody → Spyros Trigazis (strigazi) |
status: | Confirmed → In Progress |
I have opened similar bug on kubernetes github (https:/ /github. com/kubernetes/ kubernetes/ issues/ 58071) , but it was closed with comment: "sounds like something you need to take up with the magnum team (especially the credentials references). they can escalate to this repository if needed."