Closed: upolymorph closed this 7 years ago
Hi @upolymorph, from my master branch I am able to set up a running cluster, I just tested again. I had a problem this week that the wupio script was not working anymore with current coreos, but I fixed it in master. Is the code that you tested with completely pushed to your fork on github? I would like to run it against my testing cluster to see the difference.
The issues I have are related to the certificate authorities that should be created. There are some inconsistencies with the creation of 2 CAs which are not really needed and the fact that kubectl is supposed to connect to/handle two different CAs (kubernetes-CA and etcd-ca), which creates blocking in the installation. Also, the fleet service was not correctly configured; env variables were not set. I am currently updating the playbooks so that the CA will be unique for kubernetes and etcd and handled with cfssl (as the current playbook is using an old and dedicated version of etcd-ca). Will share the update with you when finished. I have created a pull request with some of the documentation I have done, but I see that you haven't reviewed or commented on this PR. Are you interested in the PRs I can make, or should I stop them?
@cornelius-keller I have completed and tested a full deployment using cfssl as CA, replacing etcd-ca and the openssl CA. Check this commit if you have time and tell me if you are interested in a pull request. https://github.com/upolymorph/ansible-coroeos-kubernetes/commit/2658faf1e8793a29eb2ade934ec485bf7571ad94
Hi @upolymorph, yes, I am interested and wanted to do the same. Sorry for being quiet the last week, I had to deal with some incidents. I hope it is better now and I'll find the time to go through your changes.
The thing is I never used fleet. I only used kubernetes to schedule containers. I'll have a look today.
Despite working on this for several days, I am still not able to have a stable cluster. Currently the error I have is regarding the fleet service, which is not able to communicate with etcd. This could be linked to the TLS certificate; however, a lot of certificates and CAs seem to be created during bootstrap and no documentation is provided on how those CAs are set up and should be used.