I have an HA Kubernetes cluster (3 masters, 1 worker). Everything is working fine, but there is one weird issue that I can't figure out.
I am not able to log in to kube-apiserver using the NLB DNS name.
But when I use the primary master's DNS name directly, I can easily log on to the api-server.
Can someone please help me figure out what I am doing wrong?
Let me know if you guys need more information. I am new to Kubernetes, so bear with me :-)
P.S.
Kubeadm-master.conf file:

```yaml
apiServer:
  certSANs:
  - 172.31.49.104
  - ec2-34-220-78-44.us-west-2.compute.amazonaws.com
  - ec2-34-220-78-44
  - ****.elb.us-west-2.amazonaws.com
  - 127.0.0.1
  - 34.215.148.227
  - dev.scaleops.info
  - 172.31.60.93
  - kubernetes.default
  - kubernetes.default.svc.cluster.local
  - ec2-54-214-181-46.us-west-2.compute.amazonaws.com
  - ip-172-31-55-29
  - ip-172-31-55-29.us-west-2.compute.internal
  - 54.214.181.46
  - 172.31.55.29
  - ec2-52-88-27-208.us-west-2.compute.amazonaws.com
  - ip-172-31-57-26
  - ip-172-31-57-26.us-west-2.compute.internal
  - 52.88.27.208
  - 172.31.57.26
  extraArgs:
    apiserver-count: '3'
    endpoint-reconciler-type: lease
    service-node-port-range: 79-32767
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta1
clusterName: dev
controlPlaneEndpoint: 34.215.148.227:6443
controllerManager: {}
etcd:
  external:
    caFile: /etc/kubernetes/pki/etcd/ca.crt
    certFile: /etc/kubernetes/pki/apiserver-etcd-client.crt
    endpoints:
    - https://172.31.49.104:2379
    - https://172.31.55.29:2379
    - https://172.31.57.26:2379
    keyFile: /etc/kubernetes/pki/apiserver-etcd-client.key
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.13.6
networking:
  podSubnet: 10.162.0.0/22
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 34.215.148.227
  bindPort: 6443
nodeRegistration:
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
clusterCIDR: 10.162.0.0/22
kind: KubeProxyConfiguration
mode: ipvs
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
```
NLB is working fine, pointing to all three masters at port 6443.