admiraltyio / admiralty

A system of Kubernetes controllers that intelligently schedules workloads across clusters.
https://admiralty.io
Apache License 2.0
673 stars 87 forks

x509: certificate signed by unknown authority #196

Closed charmingCh closed 11 months ago

charmingCh commented 11 months ago

Hi, I'm trying this quick-start. I attempted to schedule a pod to the arm64 cluster through the amd64 cluster. Task scheduling is fine, but k8s exec/logs cannot run properly.

Failed to load logs: Get "https://192.168.113.169:10250/containerLogs/odi/global-2-b89ls/c?tailLines=502&timestamps=true": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
Reason: undefined (500)

amd64 cluster k8s version: v1.20.15-vke.13
arm64 cluster k3s version: v1.20.15+k3s1
cert-manager version: 1.10.2
admiralty version: 0.14.1

Operating steps:

i.

kubectl --context orin-dev -n odi create serviceaccount huoshan-bj-dev

ii.

TOKEN=$(kubectl --context dev -n odi create token huoshan-bj-dev)

iii.

CONFIG=$(kubectl --context orin-dev config view \
    --minify --raw --output json | \
    jq '.users[0].user={token:"'$TOKEN'"} | .clusters[0].cluster.server="https://10.237.1.3:6443"')

iv.

kubectl --context dev -n odi create secret generic orin-dev \
    --from-literal=config="$CONFIG"

v.

cat <<EOF | kubectl --context dev -n odi apply -f -
apiVersion: multicluster.admiralty.io/v1alpha1
kind: Target
metadata:
  name: orin-dev
spec:
  kubeconfigSecret:
    name: orin-dev
EOF

vi.

cat <<EOF | kubectl --context orin-dev -n odi apply -f -
apiVersion: multicluster.admiralty.io/v1alpha1
kind: Source
metadata:
  name: huoshan-bj-dev
spec:
  serviceAccountName: huoshan-bj-dev
EOF

My token looks like this:

{
  "kind": "Config",
  "apiVersion": "v1",
  "preferences": {},
  "clusters": [
    {
      "name": "default",
      "cluster": {
        "server": "https://10.237.1.3:6443",
        "certificate-authority-data": "xxxxxxx"
      }
    }
  ],
  "users": [
    {
      "name": "default",
      "user": {
        "token": "xxxxxxx"
      }
    }
  ],
  "contexts": [
    {
      "name": "orin-dev",
      "context": {
        "cluster": "default",
        "user": "default"
      }
    }
  ],
  "current-context": "orin-dev"
}

I can schedule nodes over, but I cannot use the k8s API. Is this in line with expectations? What could have gone wrong? Can you give me some suggestions for troubleshooting?