search

okd-project / okd

The self-managing, auto-upgrading, Kubernetes distribution for everyone
https://okd.io
Apache License 2.0
1.67k stars 289 forks source link

OKD 4.15 single node install is broken #1918

Closed gtomilko closed 2 months ago

gtomilko commented 2 months ago

Describe the bug Certificate on bootstrap image expired

Version 4.15.0-0.okd-2024-03-10-010116

Machine Dell R640

How reproducible 100% reproducible

Log bundle 20:08:46 cluster-bootstrap[96008]: Starting temporary bootstrap control plane... Apr 08 20:08:46 bootkube.sh[95982]: Starting temporary bootstrap control plane... Apr 08 20:08:46 cluster-bootstrap[96008]: Waiting up to 20m0s for the Kubernetes API Apr 08 20:08:46 bootkube.sh[95982]: Waiting up to 20m0s for the Kubernetes API Apr 08 20:08:47 cluster-bootstrap[96008]: Still waiting for the Kubernetes API: Get "https://localhost:6443/readyz": dial tcp [::1]:6443: connect: connection refused Apr 08 20:08:47 bootkube.sh[95982]: Still waiting for the Kubernetes API: Get "https://localhost:6443/readyz": dial tcp [::1]:6443: connect: connection refused Apr 08 20:08:50 cluster-bootstrap[96008]: API is up Apr 08 20:08:50 bootkube.sh[95982]: API is up Apr 08 20:08:50 bootkube.sh[95982]: All self-hosted control plane components successfully started Apr 08 20:08:50 cluster-bootstrap[96008]: All self-hosted control plane components successfully started Apr 08 20:08:50 cluster-bootstrap[96008]: W0408 20:08:50.339870 1 reflector.go:533] github.com/openshift/cluster-bootstrap/pkg/start/status.go:127: failed to list v1.Pod: Get "https://localhost:6443/api/v1/pods": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2024-04-08T20:08:50Z is after 2024-04-05T22:55:18Z Apr 08 20:08:50 cluster-bootstrap[96008]: E0408 20:08:50.339950 1 reflector.go:148] github.com/openshift/cluster-bootstrap/pkg/start/status.go:127: Failed to watch v1.Pod: failed to list v1.Pod: Get "https://localhost:6443/api/v1/pods": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2024-04-08T20:08:50Z is after 2024-04-05T22:55:18Z Apr 08 20:08:50 bootkube.sh[95982]: W0408 20:08:50.339870 1 reflector.go:533] github.com/openshift/cluster-bootstrap/pkg/start/status.go:127: failed to list v1.Pod: Get "https://localhost:6443/api/v1/pods": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2024-04-08T20:08:50Z is after 2024-04-05T22:55:18Z Apr 08 20:08:50 bootkube.sh[95982]: E0408 20:08:50.339950 1 reflector.go:148] github.com/openshift/cluster-bootstrap/pkg/start/status.go:127: Failed to watch v1.Pod: failed to list v1.Pod: Get "https://localhost:6443/api/v1/pods": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2024-04-08T20:08:50Z is after 2024-04-05T22:55:18Z Apr 08 20:08:50 cluster-bootstrap[96008]: [#1] failed to fetch discovery: Get "https://localhost:6443/api?timeout=32s": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2024-04-08T20:08:50Z is after 2024-04-05T22:55:18Z Apr 08 20:08:50 bootkube.sh[95982]: Sending bootstrap-success event.[#1] failed to fetch discovery: Get "https://localhost:6443/api?timeout=32s": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2024-04-08T20:08:50Z is after 2024-04-05T22:55:18Z Apr 08 20:08:50 cluster-bootstrap[96008]: Sending bootstrap-success event.Tearing down temporary bootstrap control plane... Apr 08 20:08:50 bootkube.sh[95982]: Tearing down temporary bootstrap control plane... Apr 08 20:08:50 cluster-bootstrap[96008]: Error: Post "https://localhost:6443/api/v1/namespaces/kube-system/events": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2024-04-08T20:08:50Z is after 2024-04-05T22:55:18Z Apr 08 20:08:50 bootkube.sh[95982]: Error: Post "https://localhost:6443/api/v1/namespaces/kube-system/events": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2024-04-08T20:08:50Z is after 2024-04-05T22:55:18Z

codespearhead commented 2 months ago

The logs say current time 2024-04-08T20:08:50Z is after 2024-04-05T22:55:18Z, so the generated certificates are already expired.

Make sure the system time on the nodes is correct before trying again.

gtomilko commented 2 months ago

Time checked and is correct

gtomilko commented 2 months ago

Probably my bad, will try to rerun "create single-node-ignition-config"

gtomilko commented 2 months ago

Yep, it was my bad. Had to regenerate ignition file.