K
Q

kube-discovery fails to start when using kubeadm

11/22/2016

I'm trying to install a cluster using kubeadm, using this guide. I'm installing it on bare metal Ubuntu 16.04 server.

Docker is already preinstalled:

root@host# docker -v
Docker version 1.12.3, build 6b644ec

After executing the following:

curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl kubernetes-cni

I run 'kubeadm init', and it hangs on the kube-discovery addon:

root@host# kubeadm init
Running pre-flight checks
<master/tokens> generated token: "<token>"
<master/pki> generated Certificate Authority key and certificate:
Issuer: CN=kubernetes | Subject: CN=kubernetes | CA: true
Not before: 2016-11-22 15:27:25 +0000 UTC Not After: 2026-11-20 15:27:25 +0000 UTC
Public: /etc/kubernetes/pki/ca-pub.pem
Private: /etc/kubernetes/pki/ca-key.pem
Cert: /etc/kubernetes/pki/ca.pem
<master/pki> generated API Server key and certificate:
Issuer: CN=kubernetes | Subject: CN=kube-apiserver | CA: false
Not before: 2016-11-22 15:27:25 +0000 UTC Not After: 2017-11-22 15:27:25 +0000 UTC
Alternate Names: [<ipaddress> kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local]
Public: /etc/kubernetes/pki/apiserver-pub.pem
Private: /etc/kubernetes/pki/apiserver-key.pem
Cert: /etc/kubernetes/pki/apiserver.pem
<master/pki> generated Service Account Signing keys:
Public: /etc/kubernetes/pki/sa-pub.pem
Private: /etc/kubernetes/pki/sa-key.pem
<master/pki> created keys and certificates in "/etc/kubernetes/pki"
<util/kubeconfig> created "/etc/kubernetes/kubelet.conf"
<util/kubeconfig> created "/etc/kubernetes/admin.conf"
<master/apiclient> created API client configuration
<master/apiclient> created API client, waiting for the control plane to become ready
<master/apiclient> all control plane components are healthy after 44.584082 seconds
<master/apiclient> waiting for at least one node to register and become ready
<master/apiclient> first node is ready after 1.003104 seconds
<master/apiclient> attempting a test deployment
<master/apiclient> test deployment succeeded
<master/discovery> created essential addon: kube-discovery, waiting for it to become ready

I can see that this pod is restarting:

root@host# kubectl get pods --all-namespaces=true
NAMESPACE     NAME                                                               READY     STATUS             RESTARTS   AGE
kube-system   dummy-2088944543-dsjtb                                             1/1       Running            0          29m
kube-system   etcd-host.test.com                      1/1       Running            0          29m
kube-system   kube-apiserver-host.test.com            1/1       Running            0          30m
kube-system   kube-controller-manager-host.test.com   1/1       Running            0          29m
kube-system   kube-discovery-1150918428-ulap3                                    0/1       CrashLoopBackOff   10         29m
kube-system   kube-scheduler-host.test.com            1/1       Running            0          29m

root@host# kubectl logs kube-discovery-1150918428-ulap3 --namespace=kube-system
2016/11/22 13:31:32 root CA certificate does not exist: /tmp/secret/ca.pem

Do I need to provide it a certificate?

-- A. Karasik
kubernetes

Similar Questions

Kubernetes 1.4 SSL Termination on AWS
Google Container Engine (Kubernetes): Websocket (Socket.io) not working on multiple replicas
kubernetes, kubeconfig file structure
Why is my DataDog instance reporting a Kubernetes "no_pod"?

1 Answer

12/2/2016

What specific version of kubernetes are you trying to install? You can check it with:

apt-get policy kubelet
-- jonas kint
Source: StackOverflow