Open juddmaltin-dell opened 8 years ago
Turns out the node certs created by the openshift-on-openstack (or openshift-ansible, dunno yet) are invalid.
https://github.com/openshift/origin-metrics/issues/168
Have a look at that thread. It seems this issue only occurs during direct node access.
Let's debug.
Hi, sorry, I overlooked this issue. I guess it's not solved yet, is it? My first guess is that it might be caused by the fact that we use a separate network for inter-pod communication and the node's IP for this network is missing in the node's certificate alternative hostnames. I'll see if I can reproduce this locally, but I'm not sure now what the simplest reproducer is.
I'm seeing two types of errors in my heapster pod logs:
DNS lookup errors:
and Cert errors:
10.9.0.4 - That's my cluster_network. openshift-on-openstack has some extra networks.
OpenShift is listening on 53:UDP. I also have a DNS server on a separate VM for access from outside. /etc/resolv.conf on my OpenShift VMs points to that external DNS server.
Here's an AXFR from that DNS server:
Any hints? Do I really have to gen my own certs? Frowny. If I change my /etc/resolv.conf to point to wherever OpenShift is listening 53:UDP, will that fail the system?
Bonus question: Since the hawkular-metrics.example.com name is in the OpenShift DNS, where do I tell the openshift-infra VM's BIND to look for the address? Should I just put the IP address of the router, and hope that it resolves correctly?
Can't this all be done with names?
Many thanks! -judd
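One way to test the hypothesis raised earlier in the thread (the node's cluster-network IP missing from the certificate's subject alternative names), as an added example that is not part of the original thread or of any OpenShift tooling. It assumes the input is the text printed by `openssl x509 -noout -text -in <node-cert>`; the sample output, hostnames and the 192.0.2.10 address are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `openssl x509 -noout -text` output for a node
# certificate. Names and addresses are made up; 10.9.0.4 (checked below) is
# the cluster-network address mentioned in the thread.
SAMPLE_CERT_TEXT = """\
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:node-0.example.com, DNS:*.apps.example.com, IP Address:192.0.2.10
            X509v3 Basic Constraints: critical
                CA:FALSE
"""

def parse_sans(cert_text):
    """Return (dns_names, ip_addresses) from the SAN line of openssl text output."""
    m = re.search(r"X509v3 Subject Alternative Name:[^\n]*\n\s*([^\n]+)", cert_text)
    dns, ips = [], []
    if not m:
        return dns, ips
    for entry in m.group(1).split(","):
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    return dns, ips

def covers(cert_text, target):
    """True if the certificate's SANs cover target (IP literal or hostname)."""
    dns, ips = parse_sans(cert_text)
    try:
        # An IP literal is matched only against IP Address entries, never DNS ones.
        return ipaddress.ip_address(target) in ips
    except ValueError:
        pass
    host = target.lower().rstrip(".")
    for name in dns:
        if name == host:
            return True
        # A wildcard entry covers exactly one left-most label.
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

if __name__ == "__main__":
    for t in ("node-0.example.com", "192.0.2.10", "10.9.0.4"):
        print(t, "covered" if covers(SAMPLE_CERT_TEXT, t) else "NOT covered")
```

A client that connects to the node by an address the certificate does not list as an IP Address entry fails verification even when the node's hostname is present as a DNS entry.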