FS#73110 - [kube-apiserver] incompatible with kubeadm

Attached to Project: Community Packages
Opened by ivdok (ivdok) - Tuesday, 21 December 2021, 21:28 GMT
Last edited by David Runge (dvzrv) - Saturday, 19 February 2022, 20:14 GMT
Task Type: Bug Report
Category: Packages
Status: Closed
Assigned To: David Runge (dvzrv), Christian Rebischke (Shibumi), Morten Linderud (Foxboron)
Architecture: x86_64
Severity: Medium
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:
Kube-apiserver can't start with default settings due to a wrong default configuration, and because of that kubeadm can't proceed with the install.

Additional info:
community/crictl 1.22.0-1
community/helm 3.7.2-1 [installed]
community/kube-apiserver 1.22.4-1
community/kube-controller-manager 1.22.4-1
community/kube-proxy 1.22.4-1
community/kube-scheduler 1.22.4-1
community/kubeadm 1.22.4-1
community/kubectl 1.22.4-1
community/kubelet 1.22.4-1
aur/etcd 3.5.1-1
community/containerd 1.5.8-1

Log during kube-apiserver startup:
Dec 22 00:07:54 rolent systemd[1]: Starting Kubernetes API Server...
Dec 22 00:07:54 rolent kube-apiserver[44178]: W1222 00:07:54.907493 44178 services.go:37] No CIDR for service cluster IPs specified. Default value which was 10.0.0.0/24 is deprecated and w>
Dec 22 00:07:55 rolent kube-apiserver[44178]: Error: error creating self-signed certificates: open /var/run/kubernetes/apiserver.crt: permission denied
Dec 22 00:07:55 rolent systemd[1]: kube-apiserver.service: Main process exited, code=exited, status=1/FAILURE
Dec 22 00:07:55 rolent systemd[1]: kube-apiserver.service: Failed with result 'exit-code'.
Dec 22 00:07:55 rolent systemd[1]: Failed to start Kubernetes API Server.
Dec 22 00:07:55 rolent systemd[1]: kube-apiserver.service: Scheduled restart job, restart counter is at 4.
Dec 22 00:07:55 rolent systemd[1]: Stopped Kubernetes API Server.

After adding certificates' dir to env file /etc/kubernetes/kube-apiserver.env:
KUBE_APISERVER_ARGS="--cert-dir /etc/kubernetes/pki"

Results in this error in log:
Dec 22 00:14:13 rolent systemd[1]: Starting Kubernetes API Server...
Dec 22 00:14:13 rolent kube-apiserver[50301]: W1222 00:14:13.147598 50301 services.go:37] No CIDR for service cluster IPs specified. Default value which was 10.0.0.0/24 is deprecated and will be removed in future releases. Please specify it using --service-cluster-ip-range on kube-apiserver.
Dec 22 00:14:13 rolent kube-apiserver[50301]: Error: error creating self-signed certificates: error reading /etc/kubernetes/pki/apiserver.key, certificate and key must be supplied as a pair
Dec 22 00:14:13 rolent systemd[1]: kube-apiserver.service: Main process exited, code=exited, status=1/FAILURE
Dec 22 00:14:13 rolent systemd[1]: kube-apiserver.service: Failed with result 'exit-code'.
Dec 22 00:14:13 rolent systemd[1]: Failed to start Kubernetes API Server.
Dec 22 00:14:13 rolent systemd[1]: kube-apiserver.service: Scheduled restart job, restart counter is at 5.
Dec 22 00:14:13 rolent systemd[1]: Stopped Kubernetes API Server.

Steps to reproduce:
1. pacman -S cni-plugins kubernetes-control-plane kubeadm kubelet kubectl helm containerd
2. pacman -U etcd.x86-64.tar.zst
3. kubeadm init --pod-network-cidr='100.64.0.0/10' --upload-certs --ignore-preflight-errors=NumCPU,Mem --node-name=rolent --cri-socket=/run/containerd/containerd.sock

Closed by David Runge (dvzrv) - Saturday, 19 February 2022, 20:14 GMT
Reason for closing: No response

Comment by Morten Linderud (Foxboron) - Saturday, 25 December 2021, 11:43 GMT
I don't think this is enough details? It seems like a configuration error as `/etc/kubernetes/pki/apiserver.key` is simply not the correct file? Are you bootstrapping a new node for an existing cluster? Incompatible kubeadm version on the new node versus rest of the cluster?

There are a *lot* of details missing. Please provide more :)
