K
Q

--insecure-skip-tls-verify doesn't work with kubefed join

4/22/2018

I'm trying to add a clusters to federation using kubefed join : this is the federation kube config file :

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://k8s-apiserver.cluster.local:8443
  name: kubernetes
- cluster:
    certificate-authority-data: REDACTED
    server: https://172.16.1.4:32471
  name: federation
- cluster:
    insecure-skip-tls-verify: true
    server: https://139.54.130.49:32046
  name: kubernetes-s1
contexts:
- context:
    cluster: kubernetes
    namespace: default
    user: kubectl
  name: default-context
- context:
    cluster: federation
    user: federation
  name: federation
- context:
    cluster: kubernetes
    namespace: kube-system
    user: kubectl
  name: kube-system-context
- context:
    cluster: kubernetes-s1
    namespace: default
    user: kubernetes-admins1
  name: kubernetes-admin-s1
current-context: federation
kind: Config
preferences: {}
users:
- name: federation
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
    token: e7506989-42eb-11e8-bf70-fa163eb593a3
- name: federation-basic-auth
  user:
    password: e7506937-42eb-11e8-bf70-fa163eb593a3
    username: admin
- name: kubectl
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
- name: kubernetes-admins1
  user:
    token: eyJhbGciOiJSUz............

i run this command : kubefed join site-1 --host-cluster-context=default-context --cluster-context=kubernetes-admin-s1 --insecure-skip-tls-verify=true, the cluster is created but with offline status , is not reacheable ; I'm using token bearer to reach the api server of the target cluster; where am I going wrong ?

kubectl describe clusters
Name:         site-1
Namespace:    
Labels:       <none>
Annotations:  federation.kubernetes.io/cluster-role-name=federation-controller-manager:federation-site-1-default-context
              federation.kubernetes.io/servive-account-name=site-1-default-context
API Version:  federation/v1beta1
Kind:         Cluster
Metadata:
  Creation Timestamp:  2018-04-22T17:37:40Z
  Resource Version:    1347
  Self Link:           /apis/federation/v1beta1/clusters/site-1
  UID:                 daf922d2-4653-11e8-aded-f225b0c7c174
Spec:
  Secret Ref:
    Name:  site-1-w4vv6
  Server Address By Client CID Rs:
    Client CIDR:     0.0.0.0/0
    Server Address:  https://139.54.130.49:32046
Status:
  Conditions:
    Last Probe Time:       2018-04-22T18:09:43Z
    Last Transition Time:  2018-04-22T17:37:42Z
    Message:               cluster is not reachable
    Reason:                ClusterNotReachable
    Status:                True
    Type:                  Offline
Events:                    <none>
-- MelDev
kubectl
kubernetes

Similar Questions

HA Master Node for K8s Cluster in Raspberry Pi
Connect App on App Engine to cluster running on GKE
GKE extended memory and Kubernetes memory allocatable
Kubernetes ingress nginx controller routing using HTTP headers
How to configure kube-prometheus-stack helm installation to scrape a Kubernetes service?
Is there a way to use AKVS variables for Istio Traffic Shifting?

1 Answer

4/23/2018

Based on the source code, that message means exactly what it says:

The cluster is not reachable, because the cluster endpoint https://139.54.130.49:32046 is not reachable from the controller.

So, just check if the endpoint is correct and available for connecting from the controller.

-- Anton Kostenko
Source: StackOverflow