kubernetes kubectl from another node to control plane: x509: certificate signed by unknown authority

3/29/2020

I've set up 3 nodes on a cluster following https://linuxacademy.com/blog/containers/building-a-three-node-kubernetes-cluster-quick-guide/. I have all of them visible from the control plane. When I try to run:

kubectl get nodes

from a worker node however, I get:

x509: certificate signed by unknown authority.

If I try:

kubectl get nodes --insecure-skip-tls-verify=true

I get:

the server doesn't have a resource type "nodes"

The api-server logs:

Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure",
"message":"pods \"kube-apiserver-user1c.mylabserver.com\" not found",
"reason":"NotFound","details":{"name":"kube-apiserver-user1c.mylabserver.com",
"kind":"pods"},"code":404}

kube-apiserver-user1c.mylabserver.com very much does exist, however.

Logs for api-server show:

http: TLS handshake error from worker_node_ip:37596: remote error: tls: bad certificate

So it very much looks like it doesn't like the certificate. I haven't been able to solve this issue. Any help is appreciated.

-- bravinator932421
kubernetes

1 Answer

3/30/2020

I followed the steps from this article and checked this lab on LinuxAcademy.

The article was posted on March 20, 2019, when the Kubernetes version was ~1.12, which is quite old (the current version is 1.18).

However, in the article they are using packages.cloud.google.com, which downloads the latest version of kubectl and kubeadm. According to this article, you will have the latest version of docker (19.03), kubeadm (1.18), kubectl (1.18), but the link to the CNI in the article is to Flannel, which was compatible with Kubernetes 1.12.

If you followed this article these days you would get an error like:

unable to recognize "https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml": no matches for kind "DaemonSet" in version "extensions/v1beta1"
unable to recognize "https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml": no matches for kind "DaemonSet" in version "extensions/v1beta1"
unable to recognize "https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml": no matches for kind "DaemonSet" in version "extensions/v1beta1"
unable to recognize "https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml": no matches for kind "DaemonSet" in version "extensions/v1beta1"
unable to recognize "https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml": no matches for kind "DaemonSet" in version "extensions/v1beta1"

This issue occurs because between Kubernetes 1.15 and 1.16 there was a huge change in apiVersion.

In LinuxAcademy, they used the proper version for the Flannel CNI, which was Kubernetes and kubeadm in version 1.12.

$ sudo apt-get install -y kubelet=1.12.7-00 kubeadm=1.12.7-00 kubectl=1.12.7-00

For the current version of kubectl you should use this link to apply CNIs.

Regarding the issue with certificates, when you use the command:

$ sudo kubeadm init --pod-network-cidr=10.244.0.0/16

you get all the default settings (including certs). You can find more information in Kubeadm Initialisation. After that you should get a join command, which should be used on the worker nodes to add them to the cluster. After that, it should automatically configure the node. More information about Join can be found here.

A good lab would be to try installing kubeadm based on the Kubernetes docs.

The last thing I want to mention is that, as you have 1 master node and 2 worker nodes, you should execute commands only on the master node. Worker nodes shouldn't run kubectl.

-- PjoterS
Source: StackOverflow
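
A read-only check for the certificate error discussed above, added here as an example and not part of the original question or answer: it compares the CA a kubeconfig trusts with the cluster CA file, rather than turning verification off with --insecure-skip-tls-verify. The function names are hypothetical, and the default paths (~/.kube/config and /etc/kubernetes/pki/ca.crt) assume a kubeadm-built cluster.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumed kubeadm defaults:
# kubeconfig at ~/.kube/config, cluster CA at /etc/kubernetes/pki/ca.crt.

# Print the PEM of the CA a kubeconfig trusts (first cluster entry only).
kubeconfig_ca_pem() {
  local cfg=$1 data path
  data=$(sed -n 's/^[[:space:]-]*certificate-authority-data:[[:space:]]*//p' "$cfg" | head -n 1)
  if [ -n "$data" ]; then
    printf '%s' "$data" | base64 -d   # inline CA, as kubeadm writes it
    return
  fi
  path=$(sed -n 's/^[[:space:]-]*certificate-authority:[[:space:]]*//p' "$cfg" | head -n 1)
  if [ -n "$path" ] && [ -r "$path" ]; then cat "$path"; fi
}

# SHA-256 of the PEM body only, so wrapping or newline differences are ignored.
pem_digest() {
  grep -v '^-----' | tr -d ' \t\r\n' | sha256sum | cut -d' ' -f1
}

# Exit status: 0 = CAs match, 1 = mismatch, 2 = a file or the CA entry is missing.
check_kubeconfig_ca() {
  local cfg=${1:-$HOME/.kube/config} ca=${2:-/etc/kubernetes/pki/ca.crt} pem have want
  if [ ! -r "$cfg" ] || [ ! -r "$ca" ]; then
    echo "cannot read $cfg or $ca" >&2; return 2
  fi
  if grep -Eq '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*true' "$cfg"; then
    echo "WARN: $cfg disables TLS verification" >&2
  fi
  pem=$(kubeconfig_ca_pem "$cfg" 2>/dev/null) || pem=""
  if [ -z "$pem" ]; then
    echo "no CA found in $cfg" >&2; return 2
  fi
  have=$(printf '%s\n' "$pem" | pem_digest)
  want=$(pem_digest < "$ca")
  if [ "$have" = "$want" ]; then
    echo "OK: $cfg trusts the cluster CA ($want)"
  else
    echo "MISMATCH: $cfg pins $have, cluster CA is $want" >&2
    return 1
  fi
}
# Usage: check_kubeconfig_ca ~/.kube/config /etc/kubernetes/pki/ca.crt
```

A mismatch means the kubeconfig was issued for a different cluster CA (for example, one copied before the control plane was re-initialised), which is the condition that produces "certificate signed by unknown authority".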