Login to kube-apiserver failed when using Loadbalancer in HA Kubernetes Cluster

8/6/2019

I have an HA Kubernetes cluster (3 masters, 1 worker). Everything is working fine, but there is one weird issue that I can't figure out.

I am not able to log in to kube-apiserver using the NLB DNS.

But when I use the primary master DNS directly, I can easily log on to the api-server.

Can someone please help me find out what I am doing wrong?

Let me know if you guys need more information. I am new to Kubernetes, so bear with me :-)

P.S.

Kubeadm-master.conf file:

apiServer:
    certSANs:
    - 172.31.49.104
    - ec2-34-220-78-44.us-west-2.compute.amazonaws.com
    - ec2-34-220-78-44
    - ****.elb.us-west-2.amazonaws.com
    - 127.0.0.1
    - 34.215.148.227
    - dev.scaleops.info
    - 172.31.60.93
    - kubernetes.default
    - kubernetes.default.svc.cluster.local
    - ec2-54-214-181-46.us-west-2.compute.amazonaws.com
    - ip-172-31-55-29
    - ip-172-31-55-29.us-west-2.compute.internal
    - 54.214.181.46
    - 172.31.55.29
    - ec2-52-88-27-208.us-west-2.compute.amazonaws.com
    - ip-172-31-57-26
    - ip-172-31-57-26.us-west-2.compute.internal
    - 52.88.27.208
    - 172.31.57.26
    extraArgs:
        apiserver-count: '3'
        endpoint-reconciler-type: lease
        service-node-port-range: 79-32767
    timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta1
clusterName: dev
controlPlaneEndpoint: 34.215.148.227:6443
controllerManager: {}
etcd:
    external:
        caFile: /etc/kubernetes/pki/etcd/ca.crt
        certFile: /etc/kubernetes/pki/apiserver-etcd-client.crt
        endpoints:
        - https://172.31.49.104:2379
        - https://172.31.55.29:2379
        - https://172.31.57.26:2379
        keyFile: /etc/kubernetes/pki/apiserver-etcd-client.key
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.13.6
networking:
    podSubnet: 10.162.0.0/22

---
apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
localAPIEndpoint:
    advertiseAddress: 34.215.148.227
    bindPort: 6443
nodeRegistration:
    taints:
    -   effect: NoSchedule
        key: node-role.kubernetes.io/master

---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
clusterCIDR: 10.162.0.0/22
kind: KubeProxyConfiguration
mode: ipvs

---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration

NLB is working fine, pointing to all three masters at port 6443.

-- Waqar Ahmed
aws-load-balancer
kube-apiserver
kubernetes
kubernetes-dashboard

0 Answers