K
Q

Main process exited, code=exited, status=203/EXEC

12/8/2020

I am getting following errors in syslog while trying to systemctl start kube-apiserver

Dec 8 16:29:42 mySystem systemd8722: kube-apiserver.service: Failed to execute command: Permission denied Dec 8 16:29:42 mySystem systemd8722: kube-apiserver.service: Failed at step EXEC spawning /usr/local/bin/kube-apiserver: Permission denied Dec 8 16:29:42 mySystem systemd1: kube-apiserver.service: Main process exited, code=exited, status=203/EXEC Dec 8 16:29:42 mySystem systemd1: kube-apiserver.service: Failed with result 'exit-code'.

MY sysd config looks like this:

Unit Description=Kubernetes API Server Documentation=https://github.com/kubernetes/kubernetes

Service User=kube-apiserver ExecStart=/usr/local/bin/kube-apiserver \ --advertise-address= \ --allow-privileged=true \ --apiserver-count=3 \ --audit-log-maxage=30 \ --audit-log-maxbackup=3 \ --audit-log-maxsize=100 \ --audit-log-path=/var/log/audit.log \ --authorization-mode=Node,RBAC \ --bind-address=0.0.0.0 \ --client-ca-file=/var/lib/kubernetes/ca.crt \ --enable-admission-plugins=NodeRestriction,ServiceAccount \ --enable-swagger-ui=true \ --enable-bootstrap-token-auth=true \ --etcd-cafile=/var/lib/kubernetes/ca.crt \ --etcd-certfile=/var/lib/kubernetes/etcd-server.crt \ --etcd-keyfile=/var/lib/kubernetes/etcd-server.key \ --etcd-servers=http://:2380 \ --event-ttl=1h \ --encryption-provider-config=/var/lib/kubernetes/encryption-config.yaml \ --kubelet-certificate-authority=/var/lib/kubernetes/ca.crt \ --kubelet-client-certificate=/var/lib/kubernetes/kube-apiserver.crt \ --kubelet-client-key=/var/lib/kubernetes/kube-apiserver.key \ --kubelet-https=true \ --runtime-config=api/all \ --service-account-key-file=/var/lib/kubernetes/service-account.crt \ --service-cluster-ip-range=10.96.0.0/24 \ --service-node-port-range=30000-32767 \ --tls-cert-file=/var/lib/kubernetes/kube-apiserver.crt \ --tls-private-key-file=/var/lib/kubernetes/kube-apiserver.key \ --v=2 Restart=on-failure RestartSec=5

Install WantedBy=multi-user.target

For a background I am doing a manual kube deployment for some learning purpose.

-- Maven
kubernetes
linux
ubuntu

Similar Questions

Kubernetes for multiple user app with specific isolated resource for each project
Create an Ingress resource in Minikube
Adding news lines when defining collection
Joining cluster takes forever
Kubernetes Zero Downtime deployment not working - Gives 503 Service Temporarily Unavailable

1 Answer

12/9/2020

Within the information that you provided I suspect that you have some permission/privileges issue which indicates this error: 

"Failed at step EXEC spawning /usr/local/bin/kube-apiserver: Permission denied"

You are trying to start the service with User=kube-apiserver which I think don`t have enough privileges. <br>

If you wish to learn how to bootstrap Kubernetes cluster by yourself there are two good ways to do that:

1 . With Kubeadm which allows you to create and manage Kubernetes clusters. It performs the actions necessary to get a minimum viable, secure cluster up and running in user friendly way.

Here's how to install it, and here is information how to create your cluster.

  1. With Kelsey's Kubernetes the Hard Way. This is a opposite way to kubeadm and it will guide you thru all the step/task of boostraping a Kubernetes cluster.

It has a section about manual bootsrapping kubernetes cluster with usage of Kubernetes binaries and section about API server.

-- acid_fuji
Source: StackOverflow