Cannot create kubernetes cluster with tls_disabled

Bug #1809254 reported by ARTEMIOS TOMARAS on 2018-12-20
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
magnum (Ubuntu)
Undecided
Unassigned

Bug Description

1) cat /etc/lsb_release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.1 LTS"

2) My setup is:
Openstack Queens
magnum-api 6.1.0-0ubuntu1
magnum-common 6.1.0-0ubuntu1
magnum-conductor 6.1.0-0ubuntu1
python-magnum 6.1.0-0ubuntu1
python-magnumclient 2.8.0-0ubuntu1

3) What you expected to happen:
Create a kubernetes cluster

4) What happened instead:

I create the following template:
openstack coe cluster template create kubernetes-cluster-template \
                     --image fedora-atomic-27 \
                     --external-network external \
                     --dns-nameserver 8.8.8.8 \
                     --master-flavor m1.medium \
                     --flavor m1.medium \
                     --docker-storage-driver overlay2 \
                     --coe kubernetes \
                     --tls-disabled

where fedora-atomic-27 is Fedora-Atomic-27-20180419.0.x86_64.qcow2

I launch my cluster as follows:
openstack coe cluster create kubernetes-cluster \
                        --cluster-template kubernetes-cluster-template \
                        --master-count 1 \
                        --node-count 1 \
                        --keypair magnum

Checking the status reports the following:
$ openstack coe cluster show kubernetes-cluster
+---------------------+------------------------------------------------------------+
| Field | Value |
+---------------------+------------------------------------------------------------+
| status | CREATE_IN_PROGRESS |
| cluster_template_id | 5cf527fd-10a5-4a64-9da6-db02322afc18 |
| node_addresses | [] |
| uuid | 1a9490c2-b351-4903-9237-a94e9139307b |
| stack_id | 3bd7783f-7469-4ad8-920a-9a38955f8d10 |
| status_reason | None |
| created_at | 2018-12-20T12:50:07+00:00 |
| updated_at | 2018-12-20T12:50:13+00:00 |
| coe_version | None |
| labels | {} |
| faults | |
| keypair | magnum |
| api_address | None |
| master_addresses | [] |
| create_timeout | 60 |
| node_count | 1 |
| discovery_url | https://discovery.etcd.io/5e3c06417323e4b2c267e74bbcf0a402 |
| master_count | 1 |
| container_version | None |
| name | kubernetes-cluster |
| master_flavor_id | m1.medium |
| flavor_id | m1.medium |
+---------------------+------------------------------------------------------------+

The status is always stuck in CREATE_IN_PROGRESS.

Checking the /var/log/cloud-init-output.log inside the newly create kubernetes master vm reports the following:

....
+ echo 'Waiting for Kubernetes API...'
Waiting for Kubernetes API...
+ curl --silent http://127.0.0.1:8080/version
+ sleep 5
+ curl --silent http://127.0.0.1:8080/version
+ sleep 5
+ curl --silent http://127.0.0.1:8080/version
+ sleep 5
+ curl --silent http://127.0.0.1:8080/version
+ sleep 5
+ curl --silent http://127.0.0.1:8080/version
+ sleep 5

Checking the status of failed services inside the vm reports the following:
systemctl list-units | grep failed
● kube-apiserver.service loaded failed failed kubernetes-apiserver

Reviewing the log for the kube-apiserver.service reveals the true issue:
-- Logs begin at Thu 2018-12-20 12:52:47 UTC, end at Thu 2018-12-20 13:06:07 UTC. --
Dec 20 12:58:44 kubernetes-cluster-lathbpb54t7w-master-0.novalocal systemd[1]: Started kubernetes-apiserver.
Dec 20 12:58:46 kubernetes-cluster-lathbpb54t7w-master-0.novalocal runc[1966]: I1220 12:58:45.991182 1 server.go:121] Version: v1.9.3
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal runc[1966]: error creating self-signed certificates: open /var/run/kubernetes/apiserver.crt: permission denied
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal systemd[1]: kube-apiserver.service: Main process exited, code=exited, status=1/FAILURE
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal systemd[1]: kube-apiserver.service: Unit entered failed state.
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal systemd[1]: kube-apiserver.service: Failed with result 'exit-code'.
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal systemd[1]: kube-apiserver.service: Service hold-off time over, scheduling restart.
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal systemd[1]: Stopped kubernetes-apiserver.
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal systemd[1]: Started kubernetes-apiserver.
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal runc[2261]: I1220 12:58:47.544421 1 server.go:121] Version: v1.9.3
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal runc[2261]: error creating self-signed certificates: open /var/run/kubernetes/apiserver.crt: permission denied
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal systemd[1]: kube-apiserver.service: Main process exited, code=exited, status=1/FAILURE
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal systemd[1]: kube-apiserver.service: Unit entered failed state.
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal systemd[1]: kube-apiserver.service: Failed with result 'exit-code'.
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal systemd[1]: kube-apiserver.service: Service hold-off time over, scheduling restart.
Dec 20 12:58:47 kubernetes-cluster-lathbpb54t7w-master-0.novalocal systemd[1]: Stopped kubernetes-apiserver.
Dec 20 12:58:48 kubernetes-cluster-lathbpb54t7w-master-0.novalocal systemd[1]: Started kubernetes-apiserver.

So apparently I cannot access /var/run/kubernetes/.

Is there anyway to fix this?

description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in magnum (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers