Open paulbehrisch opened 4 years ago
Solution:
curl https://docs.projectcalico.org/manifests/calico.yaml -O
kubectl apply -f calico.yaml
I had the exact same problem, but applying calico.yaml changed nothing. Now I have 0/1 of calico and 0/2 of coredns
$ kubectl --kubeconfig admin.kubeconfig get deployments -n kube-system
NAME READY UP-TO-DATE AVAILABLE AGE
calico-kube-controllers 0/1 0 0 102s
coredns 0/2 0 0 29m
And describing the deployment doesn't really say why:
Name: calico-kube-controllers
Namespace: kube-system
CreationTimestamp: Sun, 26 Jul 2020 10:50:46 -0500
Labels: k8s-app=calico-kube-controllers
Annotations: Selector: k8s-app=calico-kube-controllers
Replicas: 1 desired | 0 updated | 0 total | 0 available | 0 unavailable
StrategyType: Recreate
MinReadySeconds: 0
Pod Template:
Labels: k8s-app=calico-kube-controllers
Service Account: calico-kube-controllers
Containers:
calico-kube-controllers:
Image: calico/kube-controllers:v3.15.1
Port: <none>
Host Port: <none>
Readiness: exec [/usr/bin/check-status -r] delay=0s timeout=1s period=10s #success=1 #failure=3
Environment:
ENABLED_CONTROLLERS: node
DATASTORE_TYPE: kubernetes
Mounts: <none>
Volumes: <none>
Priority Class Name: system-cluster-critical
OldReplicaSets: <none>
NewReplicaSet: <none>
Events: <none>
Name: coredns
Namespace: kube-system
CreationTimestamp: Sun, 26 Jul 2020 10:23:09 -0500
Labels: k8s-app=kube-dns
kubernetes.io/name=CoreDNS
Annotations: Selector: k8s-app=kube-dns
Replicas: 2 desired | 0 updated | 0 total | 0 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 1 max unavailable, 25% max surge
Pod Template:
Labels: k8s-app=kube-dns
Service Account: coredns
Containers:
coredns:
Image: coredns/coredns:1.7.0
Ports: 53/UDP, 53/TCP, 9153/TCP
Host Ports: 0/UDP, 0/TCP, 0/TCP
Args:
-conf
/etc/coredns/Corefile
Limits:
memory: 170Mi
Requests:
cpu: 100m
memory: 70Mi
Liveness: http-get http://:8080/health delay=60s timeout=5s period=10s #success=1 #failure=5
Readiness: http-get http://:8181/ready delay=0s timeout=1s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/etc/coredns from config-volume (ro)
Volumes:
config-volume:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: coredns
Optional: false
Priority Class Name: system-cluster-critical
OldReplicaSets: <none>
NewReplicaSet: <none>
Events: <none>
Also can't run busybox:
% kubectl run busybox --image=busybox:1.28 --command -- sleep 3600
Error from server (Forbidden): pods "busybox" is forbidden: error looking up service account default/default: serviceaccount "default" not found
I'm thinking this might be the culprit, but I don't see it in any of the event logs for the deployments.
Kubernetes master is running at https://35.222.214.59:6443
CoreDNS is running at https://35.222.214.59:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
What could be wrong / missing?
Perhaps this has something to do with it. I noticed I'm getting leader election events like crazy, and this is in the controller logs:
Jul 26 16:01:44 controller-0 kube-controller-manager[6023]: W0726 16:01:44.710524 6023 authentication.go:268] No authentication-kubeconfig provided in order to lookup client-ca-file in configmap/extension-apiserver-authentication in kube-system, so client certificate authentication won't work.
Jul 26 16:01:44 controller-0 kube-controller-manager[6023]: W0726 16:01:44.711687 6023 authentication.go:292] No authentication-kubeconfig provided in order to lookup requestheader-client-ca-file in configmap/extension-apiserver-authentication in kube-system, so request-header client certificate authentication won't work.
Jul 26 16:01:44 controller-0 kube-controller-manager[6023]: W0726 16:01:44.711751 6023 authorization.go:146] No authorization-kubeconfig provided, so SubjectAccessReview of authorization tokens won't work.
The kube-controller-manager service just keeps restarting:
Jul 26 17:01:01 controller-0 kube-controller-manager[2985]: E0726 17:01:01.696231 2985 controllermanager.go:521] Error starting "csrsigning"
Jul 26 17:01:01 controller-0 kube-controller-manager[2985]: F0726 17:01:01.696254 2985 controllermanager.go:235] error starting controllers: failed to start certificate c>
Jul 26 17:01:01 controller-0 systemd[1]: kube-controller-manager.service: Main process exited, code=exited, status=255/EXCEPTION
% kubectl get events -n kube-system
LAST SEEN TYPE REASON OBJECT MESSAGE
3m10s Normal LeaderElection endpoints/kube-controller-manager controller-2_50988d97-b53a-4f7b-8da8-89f739691fc1 became leader
3m10s Normal LeaderElection lease/kube-controller-manager controller-2_50988d97-b53a-4f7b-8da8-89f739691fc1 became leader
2m50s Normal LeaderElection endpoints/kube-controller-manager controller-1_06e7355b-40fa-4dd1-92c1-e6aab8a7b246 became leader
2m50s Normal LeaderElection lease/kube-controller-manager controller-1_06e7355b-40fa-4dd1-92c1-e6aab8a7b246 became leader
2m30s Normal LeaderElection endpoints/kube-controller-manager controller-0_e4a5f4a5-4492-48cb-8959-f3c9dc2a6e96 became leader
2m30s Normal LeaderElection lease/kube-controller-manager controller-0_e4a5f4a5-4492-48cb-8959-f3c9dc2a6e96 became leader
2m7s Normal LeaderElection endpoints/kube-controller-manager controller-1_d8325837-bffd-49b4-9456-a92897f855ed became leader
2m7s Normal LeaderElection lease/kube-controller-manager controller-1_d8325837-bffd-49b4-9456-a92897f855ed became leader
108s Normal LeaderElection endpoints/kube-controller-manager controller-0_17607701-70d9-49f4-a443-6118f49494d9 became leader
108s Normal LeaderElection lease/kube-controller-manager controller-0_17607701-70d9-49f4-a443-6118f49494d9 became leader
89s Normal LeaderElection endpoints/kube-controller-manager controller-2_9cdfac5c-e552-420b-9197-21f5eb6139dc became leader
89s Normal LeaderElection lease/kube-controller-manager controller-2_9cdfac5c-e552-420b-9197-21f5eb6139dc became leader
70s Normal LeaderElection endpoints/kube-controller-manager controller-0_7ad86a33-e9ea-458e-8356-6f29f0c2a506 became leader
70s Normal LeaderElection lease/kube-controller-manager controller-0_7ad86a33-e9ea-458e-8356-6f29f0c2a506 became leader
50s Normal LeaderElection endpoints/kube-controller-manager controller-1_f5325e69-4d23-421e-82da-5bc5aafadf93 became leader
50s Normal LeaderElection lease/kube-controller-manager controller-1_f5325e69-4d23-421e-82da-5bc5aafadf93 became leader
33s Normal LeaderElection endpoints/kube-controller-manager controller-2_4a9afb03-6b2e-4d6e-b96d-c2dd31b59e88 became leader
33s Normal LeaderElection lease/kube-controller-manager controller-2_4a9afb03-6b2e-4d6e-b96d-c2dd31b59e88 became leader
11s Normal LeaderElection endpoints/kube-controller-manager controller-1_e50dbc1b-d635-495f-87fd-ffecb7767ca9 became leader
11s Normal LeaderElection lease/kube-controller-manager controller-1_e50dbc1b-d635-495f-87fd-ffecb7767ca9 became leader
I followed the tutorial until
kubectl apply -f https://storage.googleapis.com/kubernetes-the-hard-way/coredns.yaml
This creates also a deployment, but it never created any pods for me. I tried to go back to step 1 and see if I missed a step, but I still wasn't able to make it work.Since that's a test cluster. I tried
kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
which would give anon users admin access just to confirm if it's a RBAC related issue.