Kubelet won't read apiserver from kubeconfig #36745
Comments
I repeated on 1.4.5 with the same results
@dims That issue is related and seems to suggest there is no bug. But I am still encountering the issue where Kubelet won't actually communicate with the server located in my kubeconfig. All that bug does is tolerate the absence of kubeconfig (and waits for it to be created, or die if --require-kubeconfig is set).
Another update. If you specify --kubeconfig, but omit --api-servers and --require-kubeconfig, kubelet won't connect to any apiserver. If you add --require-kubeconfig, it works. Is that expected behavior?
@smarterclayton, I thought
@mattymo : please specify which kubernetes version you are trying under :)
I recall agreeing to that, but I don't know that it was actually changed. On Nov 16, 2016, at 1:51 AM, Jordan Liggitt notifications@github.com @smarterclayton https://github.com/smarterclayton, I thought —
@dims I already wrote, but it is 1.4.3 and 1.4.6
Apologies @mattymo !
I repeated this error in v1.4.5. If I specify --kubeconfig with --api-servers, it reports
If I specify --kubeconfig only and omit --api-servers, it reports While I did not even see this log
I have the same issue in 1.5.1.
I see the same behavior on 1.5.2 (node is on same box as api-server, all insecure mode.)
correct,
Thanks for clarifying, I confirmed it worked with
Tested in 1.6.1, --require-kubeconfig is still required to make this work. We need to be careful, as api-server in this version is being deprecated (still works, but issues a WARNING about this deprecation) and require-kubeconfig is not clear about being used also for api-server connection. Is there any plan to make require-kubeconfig default to true in next versions? Thanks!
Yes. The plan is to completely remove --api-servers and default --require-kubeconfig to true in 1.7
@liggitt anyway, shouldn't we enable --require-kubeconfig for the next version of kubernetes 1.6, by default? This way I think migrations are going to be softer than enabling one and disabling other directly by default in 1.7. Just a suggestion :)
Actually, I should speak more precisely. In 1.7, the plan is to remove --api-servers and make the presence of the --kubeconfig flag determine whether an API connection is made. The presence of --kubeconfig will require the specified file and the absence of --kubeconfig will mean the kubelet is in standalone mode.
Looks like
correct, removing it didn't happen until 1.8 - #40050
fixed in 1.8 in #40050
Due to a few several small connected patches for the fedora atomic driver, this patch includes 4 smaller patches.

Patch 1:
k8s: Do not start kubelet and kube-proxy on master

Patch [1], misses the removal of kubelet and kube-proxy from enable-services-master.sh and therefore they are started if they exist in the image or the script will fail.

https://review.openstack.org/#/c/533593/
Closes-Bug: #1726482

Patch 2:
k8s: Set require-kubeconfig when needed

From kubernetes 1.8 [1] --require-kubeconfig is deprecated and in kubernetes 1.9 it is removed.

Add --require-kubeconfig only for k8s <= 1.8.

[1] kubernetes/kubernetes#36745
Closes-Bug: #1718926
https://review.openstack.org/#/c/534309/

Patch 3:
k8s_fedora: Add RBAC configuration

* Make certificates and kubeconfigs compatible with NodeAuthorizer [1].
* Add CoreDNS roles and rolebindings.
* Create the system:kube-apiserver-to-kubelet ClusterRole.
* Bind the system:kube-apiserver-to-kubelet ClusterRole to the kubernetes user.
* remove creation of kube-system namespaces, it is created by default
* update client cert generation in the conductor with kubernetes' requirements
* Add --insecure-bind-address=127.0.0.1 to work on multi-master too. The controller manager on each node needs to contact the apiserver (on the same node) on 127.0.0.1:8080

[1] https://kubernetes.io/docs/admin/authorization/node/
Closes-Bug: #1742420
Depends-On: If43c3d0a0d83c42ff1fceffe4bcc333b31dbdaab
https://review.openstack.org/#/c/527103/

Patch 4:
k8s_fedora: Update coredns config to pass e2e

To pass the e2e conformance tests, coredns needs to be configured with POD-MODE verified. Otherwise, pods won't be resolvable [1].

[1] https://github.com/coredns/coredns/tree/master/plugin/kubernetes
https://review.openstack.org/#/c/528566/
Closes-Bug: #1738633

Change-Id: Ibd5245ca0f5a11e1d67a2514cebb2ffe8aa5e7de
Is this a request for help? (If yes, you should use our troubleshooting guide and community support channels, see http://kubernetes.io/docs/troubleshooting/.):
No
What keywords did you search in Kubernetes issues before filing this one?
kubelet kubeconfig
Is this a BUG REPORT or FEATURE REQUEST? (choose one):
Bug report
Kubernetes version (use kubectl version):
Client Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.3+coreos.0", GitCommit:"7819c84f25e8c661321ee80d6b9fa5f4ff06676f", GitTreeState:"clean", BuildDate:"2016-10-17T21:19:17Z", GoVersion:"go1.6.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"4", GitVersion:"v1.4.3+coreos.0", GitCommit:"7819c84f25e8c661321ee80d6b9fa5f4ff06676f", GitTreeState:"clean", BuildDate:"2016-10-17T21:19:17Z", GoVersion:"go1.6.3", Compiler:"gc", Platform:"linux/amd64"}
Environment:
Cloud provider or hardware configuration:
OS (e.g. from /etc/os-release): Ubuntu Xenial 16.04
Kernel (e.g. uname -a): Linux node1 4.4.0-36-generic #55-Ubuntu SMP Thu Aug 11 18:01:55 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Install tools: Kargo (Ansible-based)
Others:
What happened:
--api-servers option is deprecated for kubelet, so I am now trying to deploy with simply using --kubeconfig=/etc/kubernetes/node-kubeconfig.yaml
The error in kubelet log is:
W1114 12:00:28.684692 31989 server.go:383] No API client: no api servers specified
What you expected to happen:
Kubelet should start and register itself to my kube apiserver
How to reproduce it (as minimally and precisely as possible):
Execution call:
hyperkube kubelet --v=2 --address=10.90.0.2 --hostname-override=node1 --allow-privileged=true --cluster_dns=10.233.0.2 --cluster_domain=cluster.local --kubeconfig=/etc/kubernetes/node-kubeconfig.yaml --pod-manifest-path=/etc/kubernetes/manifests --resolv-conf=/etc/resolv.conf --pod-infra-container-image=gcr.io/google_containers/pause-amd64:3.0 --network-plugin=cni --network-plugin-dir=/etc/cni/net.d
kubeconfig:
Anything else do we need to know:
Kubelet works fine with --api-servers specified, but not when reading the server field in kubeconfig. The results are the same when trying to connect to http or https-based apiserver.
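An added example, not part of the issue or of Kubernetes itself: a shell function that classifies a kubelet command line by the flag behaviour reported in this issue and its comments, so a deployment check can catch a kubelet that would start without an API client. The function name `kubelet_api_mode` and its result labels are made up for illustration; it assumes the removals landed as the thread and the quoted commit message state (`--api-servers` gone in 1.8, `--require-kubeconfig` gone in 1.9).

```shell
#!/bin/sh
# Added example (not Kubernetes code): classify a kubelet command line by the
# flag behaviour reported in this thread. The function name and the result
# labels are hypothetical, chosen for this illustration.
# usage: kubelet_api_mode <version, e.g. v1.4.3> <kubelet flags...>
kubelet_api_mode() {
    minor=${1#*.}; minor=${minor%%.*}; shift   # "v1.4.3+coreos.0" -> 4
    kubeconfig=no; api_servers=no; require=no
    for arg in "$@"; do
        case $arg in
            --kubeconfig|--kubeconfig=*)                    kubeconfig=yes ;;
            --api-servers|--api-servers=*)                  api_servers=yes ;;
            --require-kubeconfig|--require-kubeconfig=true) require=yes ;;
        esac
    done

    if [ "$minor" -ge 8 ]; then
        # Assumption taken from the thread: --api-servers was removed in 1.8,
        # and from the quoted commit message: --require-kubeconfig is removed
        # in 1.9 (only deprecated in 1.8).
        if [ "$api_servers" = yes ] || { [ "$require" = yes ] && [ "$minor" -ge 9 ]; }; then
            echo flag-removed
        elif [ "$kubeconfig" = yes ]; then
            echo api            # presence of --kubeconfig alone decides
        else
            echo standalone
        fi
    elif [ "$api_servers" = yes ] || [ "$require" = yes ]; then
        echo api
    elif [ "$kubeconfig" = yes ]; then
        # The case reported here: a kubeconfig is given, but no API client is
        # built and the kubelet never registers with the apiserver.
        echo standalone-kubeconfig-ignored
    else
        echo standalone
    fi
}

# The reporter's flags (abridged) on the reporter's version:
kubelet_api_mode v1.4.3+coreos.0 --v=2 --kubeconfig=/etc/kubernetes/node-kubeconfig.yaml
```
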