Kubernetes api server configuration file in documents is missing some required parameters

[bigstevebennett]

Describe the bug

I'm following the documents on https://vmware.github.io/photon/docs/user-guide/kubernetes-on-photon-os/running-kubernetes-on-photon-os/configure-kubernetes-on-master/ and attempting to configure and start the api-server using config file /etc/kubernetes/apiserver which defines flags for the service target.

The documents specify KUBE_API_ADDRESS should be set however --address flag is deprecated according to the error log and it is missing some flags as reported when i try to start the service:

--service-account-signing-key-file and --service-account-issuer

Reproduction steps

1.Configure /etc/kubernetes/apiserver with the following text as per the doco:

# The address on the local server to listen to.
KUBE_API_ADDRESS="--address=0.0.0.0"

# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:4001"

# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

# Add your own
KUBE_API_ARGS=""

2.Attempt to start api server:

[ ~ ]# systemctl start kube-apiserver.service
Job for kube-apiserver.service failed because the control process exited with error code.
See "systemctl status kube-apiserver.service" and "journalctl -xe" for details.

3. View output from journalctl -xe

...
Mar 16 06:57:54 mtck8m001 kube-controller-manager[175]: E0316 06:57:54.598769     175 leaderelection.go:330] error retrieving resource lock kube-system/kube-controller-manager: Get "http://mtck8m001.globaler>
Mar 16 06:57:54 mtck8m001 kube-apiserver[782]: Flag --address has been deprecated, This flag has no effect now and will be removed in v1.24.
Mar 16 06:57:54 mtck8m001 kube-apiserver[782]: I0316 06:57:54.636658     782 server.go:553] external host was not specified, using 172.30.209.42
Mar 16 06:57:54 mtck8m001 kube-apiserver[782]: W0316 06:57:54.636757     782 authentication.go:524] AnonymousAuth is not allowed with the AlwaysAllow authorizer. Resetting AnonymousAuth to false. You should use a different authorizer
Mar 16 06:57:54 mtck8m001 kube-apiserver[782]: Error: [service-account-issuer is a required flag, --service-account-signing-key-file and --service-account-issuer are required flags]
Mar 16 06:57:54 mtck8m001 systemd[1]: kube-apiserver.service: Main process exited, code=exited, status=1/FAILURE
...

Expected behavior

Expected service kube-apiserver.service to start.

I think there are additional configuration requirements perhaps with the latest packaged version. Apologies as I'm very new to kubernetes installation and was hoping for a quick start with this guide. If I can get this working I'm happy to post an update.

Many thanks.

Additional context

No response

[iakobj]

I have the same issue

Linux photon-machine 5.10.103-2.ph4-esx #1-photon SMP Tue Mar 22 03:00:01 UTC 2022 x86_64 GNU/Linux

root@photon-machine [ ~ ]# systemctl status kube-apiserver
● kube-apiserver.service - Kubernetes API Server
     Loaded: loaded (/usr/lib/systemd/system/kube-apiserver.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Fri 2022-04-01 12:49:46 UTC; 23s ago
       Docs: https://github.com/GoogleCloudPlatform/kubernetes
    Process: 729 ExecStart=/usr/bin/kube-apiserver $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_ETCD_SERVERS $KUBE_API_ADDRESS $KUBE_API_PORT $KUBELET_PORT $KUBE_ALLOW_PRIV $KUBE_SERVICE_ADDRESSES $KUBE_AD
MISSION_CONTROL $KUBE_API_ARGS (code=exited, status=1/FAILURE)
   Main PID: 729 (code=exited, status=1/FAILURE)

Apr 01 12:49:45 photon-machine systemd[1]: kube-apiserver.service: Main process exited, code=exited, status=1/FAILURE
Apr 01 12:49:45 photon-machine systemd[1]: kube-apiserver.service: Failed with result 'exit-code'.
Apr 01 12:49:45 photon-machine systemd[1]: Failed to start Kubernetes API Server.
Apr 01 12:49:46 photon-machine systemd[1]: kube-apiserver.service: Scheduled restart job, restart counter is at 7.
Apr 01 12:49:46 photon-machine systemd[1]: Stopped Kubernetes API Server.
Apr 01 12:49:46 photon-machine systemd[1]: kube-apiserver.service: Start request repeated too quickly.
Apr 01 12:49:46 photon-machine systemd[1]: kube-apiserver.service: Failed with result 'exit-code'.
Apr 01 12:49:46 photon-machine systemd[1]: Failed to start Kubernetes API Server.

[srikanthkotagiri-discovery]

The root cause is related to kube-apiserver making few parameters mandatory after 1.19

[aryapramudika]

not fixed yet? i have same problem.

░░ Subject: A start job for unit kube-apiserver.service has begun execution
░░ A start job for unit kube-apiserver.service has begun execution.
Nov 25 13:15:03 k8s-master kube-apiserver[2004]: Flag --logtostderr has been deprecated, will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components
Nov 25 13:15:03 k8s-master kube-apiserver[2004]: Flag --address has been deprecated, This flag has no effect now and will be removed in v1.24.
Nov 25 13:15:03 k8s-master kube-apiserver[2004]: Flag --admission-control has been deprecated, Use --enable-admission-plugins or --disable-admission-plugins instead. Will be removed in a future version.
Nov 25 13:15:03 k8s-master kube-apiserver[2004]: I1125 13:15:03.991016    2004 server.go:565] external host was not specified, using 10.23.2.64
Nov 25 13:15:03 k8s-master kube-apiserver[2004]: W1125 13:15:03.991127    2004 authentication.go:523] AnonymousAuth is not allowed with the AlwaysAllow authorizer. Resetting AnonymousAuth to false. You should use a different authorizer
Nov 25 13:15:03 k8s-master kube-apiserver[2004]: E1125 13:15:03.991728    2004 run.go:74] "command failed" err="[service-account-issuer is a required flag, --service-account-signing-key-file and --service-account-issuer are required flags]"
Nov 25 13:15:03 k8s-master systemd[1]: kube-apiserver.service: Main process exited, code=exited, status=1/FAILURE
░░ An ExecStart= process belonging to unit kube-apiserver.service has exited.
Nov 25 13:15:03 k8s-master systemd[1]: kube-apiserver.service: Failed with result 'exit-code'.
░░ The unit kube-apiserver.service has entered the 'failed' state with result 'exit-code'.
░░ Subject: A start job for unit kube-apiserver.service has failed
░░ A start job for unit kube-apiserver.service has finished with a failure.
Nov 25 13:15:04 k8s-master systemd[1]: kube-apiserver.service: Scheduled restart job, restart counter is at 1.
░░ Automatic restarting of the unit kube-apiserver.service has been scheduled, as the result for
░░ Subject: A stop job for unit kube-apiserver.service has finished
░░ A stop job for unit kube-apiserver.service has finished.
░░ Subject: A start job for unit kube-apiserver.service has begun execution
░░ A start job for unit kube-apiserver.service has begun execution.
Nov 25 13:15:04 k8s-master kube-apiserver[2031]: Flag --logtostderr has been deprecated, will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components
Nov 25 13:15:04 k8s-master kube-apiserver[2031]: Flag --address has been deprecated, This flag has no effect now and will be removed in v1.24.
Nov 25 13:15:04 k8s-master kube-apiserver[2031]: Flag --admission-control has been deprecated, Use --enable-admission-plugins or --disable-admission-plugins instead. Will be removed in a future version.
Nov 25 13:15:04 k8s-master kube-apiserver[2031]: I1125 13:15:04.552086    2031 server.go:565] external host was not specified, using 10.23.2.64
Nov 25 13:15:04 k8s-master kube-apiserver[2031]: W1125 13:15:04.552170    2031 authentication.go:523] AnonymousAuth is not allowed with the AlwaysAllow authorizer. Resetting AnonymousAuth to false. You should use a different authorizer
Nov 25 13:15:04 k8s-master kube-apiserver[2031]: E1125 13:15:04.552851    2031 run.go:74] "command failed" err="[service-account-issuer is a required flag, --service-account-signing-key-file and --service-account-issuer are required flags]"
Nov 25 13:15:04 k8s-master systemd[1]: kube-apiserver.service: Main process exited, code=exited, status=1/FAILURE
░░ An ExecStart= process belonging to unit kube-apiserver.service has exited.
"error.txt" 280L, 34956B