Closed kholisrag closed 3 years ago
Hi @petrukngantuk thanks for filing this issue!
It looks like the readiness probe is failing because catalog-sync is unable to reach a healthy server in the cluster where quorum has been established already.
Could you also provide a bit more information about your cluster as well as the output of kubectl get pods
showing that the other server nodes are online and healthy?
Added @kschoche
Hi @petrukngantuk - thanks for updating the issue! The health endpoint for sync-catalog issues a consul client API call to check on the state of the consul cluster, and I noticed that you have clients disabled. When the sync catalog pod gets scheduled on a node which doesn't have a consul agent running it won't be able to complete the API call through the client and it will never become healthy. I've confirmed that I was able to reproduce the issue on my end with your yaml file and enabling clients should get you up and running! Please let me know if that helps out!
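To make the suggested workaround concrete, here is a minimal sketch of the relevant consul-helm values. This is an illustration assuming a TLS + auto-encrypt setup as described in this thread, not the reporter's actual values file:

```yaml
# Sketch only — assumes global TLS with auto-encrypt as discussed above.
global:
  tls:
    enabled: true
    enableAutoEncrypt: true
client:
  # The workaround: run client agents so the sync-catalog pod's
  # readiness check has a local consul agent to issue its API call through.
  enabled: true
syncCatalog:
  enabled: true
```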
@kschoche I didn't want to enable the client, btw 😁
Hi @petrukngantuk I've created a fix which addresses this issue and should let you use sync+autoencrypt with clients disabled, it is in master now. For reference here is the PR that did the changes https://github.com/hashicorp/consul-helm/pull/891
I'll go ahead and close this one out as fixed. If you run into any problems, feel free to let me know! Cheers.
Overview of the Issue

consul-sync-catalog is in CrashLoopBackOff because Kubernetes detects the readiness probe returning a 500 response.

Reproduction Steps

values.yml:

Logs
```
[GET /health/ready] Error getting leader status: Get "https://consul-server:8501/v1/status/leader": x509: certificate signed by unknown authority
[GET /health/ready] Error getting leader status: Get "https://consul-server:8501/v1/status/leader": x509: certificate signed by unknown authority
[GET /health/ready] Error getting leader status: Get "https://consul-server:8501/v1/status/leader": x509: certificate signed by unknown authority
[GET /health/ready] Error getting leader status: Get "https://consul-server:8501/v1/status/leader": x509: certificate signed by unknown authority
[GET /health/ready] Error getting leader status: Get "https://consul-server:8501/v1/status/leader": x509: certificate signed by unknown authority
2021-03-18T12:50:41.724Z [WARN] to-consul/sink: error registering service: node-name=k8s-sync service-name={{redacted}} service="&{ {{redacted}} [k8s] map[external-k8s-ns:dev external-source:kubernetes port-default:15000] 30252 {{redacted}} map[] {0 0} false 0 0
```

The consul server is working normally and the UI can be accessed. We use AWS EKS 1.16.
Expected behavior
Consul services can be synced to Kubernetes without modifying the coredns config.
Environment details
consul-k8s version: 0.24.0
consul-helm version: 0.30.0
kubernetes version: 1.16-eks