Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Changing the default Kubernetes certificate location results in a cluster deployment error #1661

Closed
przemyslavic opened this issue Sep 16, 2020 · 1 comment
Closed

[BUG] Changing the default Kubernetes certificate location results in a cluster deployment error #1661

przemyslavic opened this issue Sep 16, 2020 · 1 comment
Assignees
@atsikham @przemyslavic
Labels
area/kubernetes type/bug

Comments

@przemyslavic
Copy link
Collaborator

przemyslavic commented Sep 16, 2020
edited
Loading

Describe the bug
Changing the default Kubernetes certificate location results in a cluster deployment error - the installations fails trying to initialize the cluster while the kubelet service is not running.

To Reproduce
Steps to reproduce the bug:

  1. Deploy a new cluster from develop branch with the configuration given below (changing the default certificate location /etc/kubernetes/pki to a different one): epicli apply -f test.yml

Config files

---
kind: configuration/kubernetes-master
title: "Kubernetes Master Config"
name: default
provider: azure
specification:
  advanced:
    certificates:
      location: /etc/kube-certs/pki
      expiration_days: 365
      renew: false

Expected behavior
The cluster has been deployed successfully.

OS (please complete the following information):

  • OS: [all]

Cloud Environment (please complete the following information):

  • Cloud Provider [all]

Additional context
Log:

2020-09-15T12:54:22.1590201Z    [38;21m12:54:22 INFO cli.engine.ansible.AnsibleCommand - TASK [kubernetes_master : Initialize Kubernetes cluster] ***********************    [0m
2020-09-15T12:58:27.4272444Z    [31;21m12:58:27 ERROR cli.engine.ansible.AnsibleCommand - fatal: [ec2-xx-xx-xx-xx.eu-west-1.compute.amazonaws.com]: FAILED

This error is likely caused by:\n\t\t- The kubelet is not running\n\t\t- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)\n\n\tIf you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:\n\t\t- 'systemctl status kubelet'\n\t\t- 'journalctl -xeu kubelet'

The problem is that the path /etc/kubernetes/pki is hardcoded in many places and therefore we are not able to change the certificate locations in one place at the moment. In my opinion, we should control this parameter in one place.
@atsikham atsikham self-assigned this Oct 18, 2021
@atsikham atsikham mentioned this issue Oct 20, 2021
Merged
@przemyslavic przemyslavic self-assigned this Oct 28, 2021
@przemyslavic
Copy link
Collaborator Author

✔️ apply
✔️ re-apply
✔️ apply HA cluster
✔️ upgrade from v 1.0.1 to 1.3.0dev

@mkyc mkyc closed this as completed Nov 2, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@atsikham atsikham

@przemyslavic przemyslavic

Labels
area/kubernetes type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@atsikham @mkyc @przemyslavic