K
Q

How to change Kubernetes configuration key file from controller-manager and apiserver to point to the same x509 RSA key?

7/6/2018

I am having tiller panic crash as detailed in helm FAQ (https://docs.helm.sh/using_helm/) under the question
Q: Tiller crashes with a panic:
panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation...

The FAQ answer suggests

To fix this, you will need to change your Kubernetes configuration. Make sure that --service-account-private-key-file from controller-manager and --service-account-key-file from apiserver point to the same x509 RSA key.

I've tried to search online and read the docs at (https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/) which states

You must pass a service account private key file to the token controller in the controller-manager by using the --service-account-private-key-file option. The private key will be used to sign generated service account tokens. Similarly, you must pass the corresponding public key to the kube-apiserver using the --service-account-key-file option. The public key will be used to verify the tokens during authentication.

and the docs at https://kubernetes.io/docs/reference/access-authn-authz/authentication/
The docs explain concepts well, but no specifics on actually changing the config.

How do I change my Kubernetes configuration as the FAQ answer suggests?

Make sure that --service-account-private-key-file from controller-manager and --service-account-key-file from apiserver point to the same x509 RSA key.

Details:
using kops and gossip based k8s cluster

-- cryanbhu
kops
kubernetes
kubernetes-helm

Similar Questions

How to find out why mounting an emptyDir volume fails in Kubernetes?
Setting up HTTP+HTTPs and TCP ports on a LoadBalancer (Want to forward GitLab SSH and Web)
change the annotation for node-selector for openshift namespace
kubectl - cert manager - credentials not found
How do I update an on-premise Kubernetes API server to enable OIDC with Dex?
Gitlab AutoDeploy unable to deploy K8s cluster on GKE
kubernetes flannel network is not working
Error extracting container id - source value does not contain matcher's logs_path '/var/lib/docker/containers/'
Can't find replicaset kube state metrics in Prometheus

1 Answer

7/6/2018

I have found through trial and error that helm ls seems to have a bug for my setup, or maybe helm ls is expected to show the error if there are no releases to be shown.

Right after helm init, helm ls would show the error panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation...,
but if you just went ahead and used helm,
e.g. helm install stable/<package>, the chart is deployed successfully.

And after the charts are deployed, calling helm ls no longer returns the error, and correctly shows the deployed charts (releases).
I have confirmed it using kubectl get pods, kubectl get services and kubectl get deployments, the released objects are all running.

-- cryanbhu
Source: StackOverflow