kubernetes / website

Kubernetes website and documentation repo:
https://kubernetes.io
Creative Commons Attribution 4.0 International

Documentation lacks clarity on adding control-plane nodes with external etcd using kubeadm #42782

Closed LoRKaa closed 8 months ago

LoRKaa commented 1 year ago

What happened:

When attempting to add a new control-plane node to a Kubernetes cluster with an external etcd, using the default kubeadm command resulted in the external etcd cluster's certificate being overwritten or corrupted.

What you expected to happen:

The documentation on setting up a highly available Kubernetes cluster with kubeadm and an external etcd should provide clear warnings or guidance on this potential issue. I followed the instructions from the following links:

- Setting up a HA etcd cluster with kubeadm
- Setting up HA Kubernetes with kubeadm

Steps to reproduce:

1. Set up a Kubernetes cluster with an external etcd following the official documentation linked above.
2. Attempt to add a new control-plane node using the default kubeadm command as suggested in the documentation.

Solution that worked:

I had to create a custom kubeadm configuration file:

```yaml
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
controlPlane:
  localAPIEndpoint:
    advertiseAddress: "10.1.1.51"
    bindPort: 6443
  certificateKey: "f7b1fd2db6f82731617d32f4991c11d56e49c140aea3f9ea50efc36825725028"
discovery:
  bootstrapToken:
    apiServerEndpoint: "10.1.1.250:6443"
    token: x63wk9.sfxq39oynypxdemf
    caCertHashes:
    - "sha256:d8894fe8ca0eff1928c4ee8bcb7c6d1af323b0ad0f05c7bf583bee6f02243e5f"
  tlsBootstrapToken: x63wk9.sfxq39oynypxdemf
etcd:
  external:
    endpoints:
      - https://10.1.1.18:2379
      - https://10.1.1.51:2379
    caFile: /etc/kubernetes/pki/etcd/ca.crt
    certFile: /etc/kubernetes/pki/etcd/server.crt
    keyFile: /etc/kubernetes/pki/etcd/server.key
```

And then used the following command to join the node:

```
kubeadm join --config=kubeadm-config.yaml --ignore-preflight-errors=FileAvailable--etc-kubernetes-manifests-etcd.yaml
```

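One way to confirm whether a join touched the etcd certificates described in this report, as an added example that is not part of the issue or of the Kubernetes documentation: it fingerprints every file under the etcd PKI directory before and after `kubeadm join` and lists the files that changed. The function names `pki_snapshot` and `pki_diff` and the `/root/...` paths are hypothetical; `/etc/kubernetes/pki/etcd` is the directory used in the configuration above.

```shell
#!/bin/sh
# Added example: detect whether `kubeadm join` rewrote the external etcd
# PKI files. Function names and /root paths are assumptions for illustration.

# Print "sha256  ./relative-path" for every regular file under a PKI
# directory, sorted by path so two snapshots compare line by line.
pki_snapshot() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    ( cd "$dir" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Compare two snapshot files. Returns 0 when they are identical; otherwise
# prints each path that was changed, added or removed and returns 1.
pki_diff() {
    before=$1
    after=$2
    if cmp -s "$before" "$after"; then
        return 0
    fi
    # A line present in only one snapshot marks an affected file; a changed
    # file yields two such lines, so the paths are de-duplicated.
    sort "$before" "$after" | uniq -u | awk '{print $2}' | sort -u
    return 1
}

# Usage around the join (as root on the joining node):
#   pki_snapshot /etc/kubernetes/pki/etcd > /root/etcd-pki.before
#   cp -a /etc/kubernetes/pki/etcd /root/etcd-pki.backup
#   kubeadm join --config=kubeadm-config.yaml ...
#   pki_snapshot /etc/kubernetes/pki/etcd > /root/etcd-pki.after
#   pki_diff /root/etcd-pki.before /root/etcd-pki.after \
#       || echo "etcd PKI changed; restore from /root/etcd-pki.backup"
```
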
k8s-ci-robot commented 1 year ago

This issue is currently awaiting triage.

SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

dipesh-rawat commented 1 year ago

/language en
/sig cluster-lifecycle

neolit123 commented 1 year ago

> The documentation on setting up a highly available Kubernetes cluster with kubeadm and an external etcd should provide clear warnings or guidance on this potential issue

i don't recall prior requests for such documentation extension. are you willing to contribute this in a new section - Adding new control plane nodes?

perhaps here: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm/

LoRKaa commented 1 year ago

Thank you for the suggestion! I'm delighted to contribute and help improve the documentation. However, it's my first time contributing to the Kubernetes documentation, so I might need some guidance or references on how to proceed. I'm eager to learn and make a meaningful contribution!

neolit123 commented 1 year ago

the website has a guide here: https://kubernetes.io/docs/contribute/

k8s-triage-robot commented 10 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 9 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot commented 8 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-ci-robot commented 8 months ago

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to [this](https://github.com/kubernetes/website/issues/42782#issuecomment-2022408816):

> The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
>
> This bot triages issues according to the following rules:
> - After 90d of inactivity, `lifecycle/stale` is applied
> - After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
> - After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed
>
> You can:
> - Reopen this issue with `/reopen`
> - Mark this issue as fresh with `/remove-lifecycle rotten`
> - Offer to help out with [Issue Triage][1]
>
> Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community).
>
> /close not-planned
>
> [1]: https://www.kubernetes.dev/docs/guide/issue-triage/

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.