kubernetes-retired / cluster-api-provider-nested

Cluster API Provider for Nested Clusters
Apache License 2.0

api server failed to start #190

Closed jichenjc closed 3 years ago

jichenjc commented 3 years ago

What steps did you take and what happened:

Followed https://github.com/kubernetes-sigs/cluster-api-provider-nested/blob/main/docs/dev-quickstart.md

Encountered:

I0721 09:39:51.830823       1 server.go:149] Version: v1.16.2
Error: unable to load client CA file: unable to load client CA file: open /etc/kubernetes/pki/root/tls.crt: no such file or directory
Usage:
  kube-apiserver [flags]

Generic flags:

      --advertise-address ip                         The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. If blank, the --bind-address will be used. If --bind-address is unspecified, the host's default interface will be used.

The root cause is that /etc/kubernetes/pki/root/tls.crt is not defined in a volume, so it's not able to find the crt file to start the container.

I removed this line in the stateful set and everything is OK now, so I think we need to add a secret and mount it to the api server as a volume.

kubectl edit statefulset cluster-sample-apiserver doesn't seem to have it:

        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/kubernetes/pki/proxy
          name: cluster-sample-proxy-client
          readOnly: true
        - mountPath: /etc/kubernetes/pki/etcd/ca
          name: cluster-sample-etcd-ca
          readOnly: true
        - mountPath: /etc/kubernetes/pki/etcd
          name: cluster-sample-etcd-client
          readOnly: true
        - mountPath: /etc/kubernetes/pki/apiserver/ca
          name: cluster-sample-ca
          readOnly: true
        - mountPath: /etc/kubernetes/pki/apiserver
          name: cluster-sample-apiserver-client
          readOnly: true
        - mountPath: /etc/kubernetes/pki/kubelet
          name: cluster-sample-kubelet-client
          readOnly: true
        - mountPath: /etc/kubernetes/pki/service-account
          name: cluster-sample-sa
          readOnly: true

What did you expect to happen:

Anything else you would like to add:

Environment:

/kind bug
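A pre-deploy check for the mismatch reported above, as an added example that is not part of the original post or the project's code: it reads a StatefulSet in the shape `kubectl get statefulset <name> -o json` returns and lists every path-valued flag that no volumeMount covers. The mount paths are taken from the issue; the container name `apiserver` and the pairing of `--client-ca-file` with the missing path are assumptions, since the issue does not show the container arguments.

```python
import json
import posixpath

# Constructed sample: mount paths are from the issue; the container name and
# the flag-to-path pairing are assumptions (the issue does not show the args).
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {"containers": [{
  "name": "apiserver",
  "command": ["kube-apiserver",
    "--client-ca-file=/etc/kubernetes/pki/root/tls.crt",
    "--etcd-cafile=/etc/kubernetes/pki/etcd/ca/tls.crt",
    "--tls-cert-file=/etc/kubernetes/pki/apiserver/tls.crt"],
  "volumeMounts": [
    {"mountPath": "/etc/kubernetes/pki/etcd/ca", "name": "cluster-sample-etcd-ca"},
    {"mountPath": "/etc/kubernetes/pki/etcd", "name": "cluster-sample-etcd-client"},
    {"mountPath": "/etc/kubernetes/pki/apiserver/ca", "name": "cluster-sample-ca"},
    {"mountPath": "/etc/kubernetes/pki/apiserver", "name": "cluster-sample-apiserver-client"}
  ]}]}}}}
""")


def covered(path, mount_paths):
    """True if path is a mount point or lies beneath one (whole path components)."""
    path = posixpath.normpath(path)
    for mount in mount_paths:
        mount = posixpath.normpath(mount)
        if path == mount or path.startswith(mount.rstrip("/") + "/"):
            return True
    return False


def unmounted_flag_paths(workload):
    """Return (container, flag, path) for each path-valued flag with no covering mount."""
    findings = []
    for c in workload["spec"]["template"]["spec"]["containers"]:
        mounts = [m["mountPath"] for m in c.get("volumeMounts", [])]
        for arg in c.get("command", []) + c.get("args", []):
            flag, sep, value = arg.partition("=")
            if sep and flag.startswith("--") and value.startswith("/"):
                if not covered(value, mounts):
                    findings.append((c["name"], flag, value))
    return findings


if __name__ == "__main__":
    for name, flag, path in unmounted_flag_paths(SAMPLE):
        print(f"{name}: {flag} -> {path} has no volumeMount")
```

Files that ship inside the container image are reported as well, so treat each finding as a candidate to confirm against the image contents.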

jichenjc commented 3 years ago

I can submit a PR to add a secret and mount if it's something missing from a previous change? Or did I encounter an env issue?

jinsongo commented 3 years ago

@jichenjc Please try the latest code from main branch, FYI: https://github.com/kubernetes-sigs/cluster-api-provider-nested/issues/185

jichenjc commented 3 years ago

thanks, I guess it's merged after I opened latest code, will try and close this if it works