search

postfinance / kubelet-csr-approver

Kubernetes controller to enable automatic kubelet CSR validation after a series of (configurable) security checks
MIT License
177 stars 34 forks source link

Unable to retrieve the complete list of server APIs: certificates.k8s.io/v1 with default deployment #211

Closed onetwopunch closed 10 months ago

onetwopunch commented 11 months ago

I'm using the default options in deploy/k8s and only overriding the KUBERNETES_SERVICE_{HOST,PORT} environment variables but getting the following error about a minute or so after the pod starts:

E1211 19:49:34.608041       1 leaderelection.go:332]
{
"level":"ERROR",
"ts":"2023-12-11T19:44:49.789Z",
"logger":"controller-runtime.source.EventHandler",
"caller":"source/kind.go:68",
"msg":"failed to get informer from cache",
"error":"failed to get API group resources: 
      unable to retrieve the complete list of server APIs: 
          certificates.k8s.io/v1: 
              Get \"https://API_SERVER:6443/apis/certificates.k8s.io/v1\": 
                 dial tcp: lookup API_SERVER: i/o timeout"
}

I know that pods are able to talk to the api server because I have a running deployment of kube-state-metrics that also overrides the same env vars with the same values.

I'm running kubernetes 1.28.3 if that's helpful.

clementnuss commented 11 months ago

then I would assume you misconfigured your environment variables 😉 can you show me how you did that ?

also, it's typically not needed to customize the KUBERNETES_SERVICE_{HOST,PORT} envs, because K8s sets those automatically. can you try to run it again without modifying these envs ?

clementnuss commented 10 months ago

closing without further info