Default token mount failing with Kubeadm setup

10/29/2016

The setup:

  • 4 CentOS 7 nodes on AWS us-west-2
  • Set up using kubeadm-1.5.0alpha according to the official kubeadm getting started documentation
  • using weave network
  • net.bridge.bridge-nf-call-iptables is enabled
  • firewalld isn't running
  • SELinux is disabled
  • all traffic is allowed in the security profile between the 4 nodes

However, the weave network refuses to come together, due to being unable to mount the secrets volume for the cluster:

  FirstSeen LastSeen    Count   From                SubobjectPath   Type        Reason      Message
  --------- --------    -----   ----                -------------   --------    ------      -------
  45m       45m     3   {kubelet ip-172-31-37-146}          Warning     FailedMount MountVolume.SetUp failed for volume "kubernetes.io/secret/48d5ac16-9d5b-11e6-b0de-069ffaa52cc1-default-token-4lc8l" (spec.Name: "default-token-4lc8l") pod "48d5ac16-9d5b-11e6-b0de-069ffaa52cc1" (UID: "48d5ac16-9d5b-11e6-b0de-069ffaa52cc1") with: Get https://172.31.47.69:443/api/v1/namespaces/kube-system/secrets/default-token-4lc8l: dial tcp 172.31.47.69:443: getsockopt: connection refused

That IP address is correct. If I curl it from one of the hosts, I get "unauthorized" so it seems to be working.

I haven't seen this particular issue before, and searching on it doesn't turn anything up. Ideas?

-- FuzzyChef
kubeadm
kubernetes

1 Answer

1/11/2017

You may need to check the security group for the weave-net port.

-- Hua Zhang
Source: StackOverflow
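
Added example, not part of the original question or answer: a Python helper that pulls the API server endpoint and failure kind out of the kubelet FailedMount message quoted in the question, then repeats the TCP connect from whichever node it runs on and classifies the result. The function names and the `MEANING` table are illustrative assumptions; the event text is abridged from the question.

```python
import re
import socket

# Warning text abridged from the kubelet event in the question.
EVENT = ('MountVolume.SetUp failed for volume "kubernetes.io/secret/'
         '48d5ac16-9d5b-11e6-b0de-069ffaa52cc1-default-token-4lc8l" '
         '(spec.Name: "default-token-4lc8l") with: Get '
         'https://172.31.47.69:443/api/v1/namespaces/kube-system/secrets/'
         'default-token-4lc8l: dial tcp 172.31.47.69:443: getsockopt: '
         'connection refused')

SECRET_GET = re.compile(
    r'Get https://(?P<host>[\d.]+):(?P<port>\d+)/api/v1/namespaces/'
    r'(?P<namespace>[^/]+)/secrets/(?P<secret>[^:\s]+): (?P<error>.+)$')

# What each TCP outcome says about the path to the API server.
MEANING = {
    'open': 'TCP path works; look at TLS or authentication next',
    'refused': 'connection actively reset: nothing listening on that '
               'address and port, or a reject rule on the path',
    'timeout': 'packets silently dropped, typical of a filtering rule '
               'such as a cloud security group or host firewall',
}

def parse_failed_mount(message):
    """Extract the API endpoint, secret and failure kind from the event."""
    m = SECRET_GET.search(message)
    if m is None:
        return None
    info = m.groupdict()
    info['port'] = int(info['port'])
    kinds = (('connection refused', 'refused'), ('i/o timeout', 'timeout'))
    info['kind'] = next((k for t, k in kinds if t in info['error']), 'other')
    return info

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect from this node and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return 'open'
    except ConnectionRefusedError:
        return 'refused'
    except (socket.timeout, TimeoutError):
        return 'timeout'
    except OSError as exc:
        return 'error: %s' % exc

if __name__ == '__main__':
    info = parse_failed_mount(EVENT)
    print('kubelet reported:', info['kind'], '-', MEANING.get(info['kind'], ''))
    seen = probe(info['host'], info['port'])
    print('probe from this host:', seen, '-', MEANING.get(seen, ''))
```

Run it on the node named in the event (ip-172-31-37-146 here), since a check from a different host does not exercise the same path. The same `probe` can be pointed at Weave Net's control port, TCP 6783, between nodes when checking the security group.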