Lab 3.2. Grow the Cluster // Impossible to list token

Hello,
Somebody can help me !
When i execute the command to list the token, i receive error below:
~$ sudo kubeadm token list
failed to list bootstrap tokens: Get "https://ubuntu-master:6443/api/v1/namespaces/kube-system/secrets?fieldSelector=type=bootstrap.kubernetes.io/token": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
To see the stack trace of this error execute with --v=5 or higher
Comments
-
Hi @zizibagnon,
After the control-plane node init, did you manage to complete step 16? Are you using the most recent
.kube/config
file?Regards,
-Chris0 -
HI . I have the same problem. I used the last version of config file accrding with the steps described in lab. I am working in my local laptop with Virtual Box. I saw the IP address for my cp node (192.168.0.19) is in the same class of configuration file decalred for calico (192.168.0.0/16). could be the reason in my case?
[email protected]:~/.kube$ sudo kubeadm token list --v=10
I0601 15:38:25.699172 5425 cmdutil.go:90] Using kubeconfig file: /etc/kubernetes/admin.conf
I0601 15:38:25.699640 5425 loader.go:374] Config loaded from file: /etc/kubernetes/admin.conf
I0601 15:38:25.700129 5425 token.go:365] [token] preparing selector for bootstrap token
I0601 15:38:25.700175 5425 token.go:375] [token] retrieving list of bootstrap tokens
I0601 15:38:25.700275 5425 round_trippers.go:466] curl -v -XGET -H "User-Agent: kubeadm/v1.25.1 (linux/amd64) kubernetes/e4d4e1a" -H "Accept: application/json, /" 'https://k8scp:6443/api/v1/namespaces/kube-system/secrets?fieldSelector=type=bootstrap.kubernetes.io/token'
I0601 15:38:25.700493 5425 round_trippers.go:495] HTTP Trace: DNS Lookup for k8scp resolved to [{192.168.0.19 }]
I0601 15:38:25.700618 5425 round_trippers.go:508] HTTP Trace: Dial to tcp:192.168.0.19:6443 failed: dial tcp 192.168.0.19:6443: connect: connection refused
I0601 15:38:25.700630 5425 round_trippers.go:553] GET https://k8scp:6443/api/v1/namespaces/kube-system/secrets?fieldSelector=type=bootstrap.kubernetes.io/token in 0 milliseconds
I0601 15:38:25.700636 5425 round_trippers.go:570] HTTP Statistics: DNSLookup 0 ms Dial 0 ms TLSHandshake 0 ms Duration 0 ms
I0601 15:38:25.700640 5425 round_trippers.go:577] Response Headers:
Get "https://k8scp:6443/api/v1/namespaces/kube-system/secrets?fieldSelector=type=bootstrap.kubernetes.io/token": dial tcp 192.168.0.19:6443: connect: connection refused
failed to list bootstrap tokens
k8s.io/kubernetes/cmd/kubeadm/app/cmd.RunListTokens
cmd/kubeadm/app/cmd/token.go:378
k8s.io/kubernetes/cmd/kubeadm/app/cmd.newCmdToken.func2
cmd/kubeadm/app/cmd/token.go:172
github.com/spf13/cobra.(Command).execute
vendor/github.com/spf13/cobra/command.go:856
github.com/spf13/cobra.(Command).ExecuteC
vendor/github.com/spf13/cobra/command.go:974
github.com/spf13/cobra.(*Command).Execute
vendor/github.com/spf13/cobra/command.go:902
k8s.io/kubernetes/cmd/kubeadm/app.Run
cmd/kubeadm/app/kubeadm.go:50
main.main
cmd/kubeadm/kubeadm.go:25
runtime.main
/usr/local/go/src/runtime/proc.go:250
runtime.goexit
/usr/local/go/src/runtime/asm_amd64.s:1594
[email protected]:~/.kube$0 -
Hi @gerardmr1611,
I would encourage you to rebuild your VirtualBox VMs with different IP addresses that do not overlap with the default pod network
192.168.0.0/16
. Also ensure that promiscuous mode is enabled to allow all traffic to each VM, only one bridged network adapter per VM, and there are 2 CPU cores, 6-8 GB RAM, 15-20 GB vdisk per VM.Regards,
-Chris1 -
Hi @chrispokorni.
Thanks for your quicly answer. Unfortunatelly my Internet provider does not allow me to change the configuration of the router that provide ip address via dhcp to my laptop. Is it good idea change the default configuration network for calico and re apply configuration in order to be able to continue with the labs?
0 -
Hi @gerardmr1611,
I meant to reconfigure the VirtualBox DHCP server, not your host machine's IP address. I was successful with a custom vbox network such as 10.200.0.0/16 or /24.
However, you can also rebuild your cluster with a custom pod network, in which case you are required to edit the "calico.yaml" and "kubeadm-config.yaml" manifests.
Regards,
-Chris1 -
Thanks a lot for your help. I used cutom configuration for calico.yaml and kubeadm.config.yaml (use diferent sub network "192.168.0.0/16" and it works:
[email protected]:~$ sudo kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
35nmrm.bfruuv4aumz8zx21 1h 2023-06-01T21:48:59Z Proxy for managing TTL for the kubeadm-certs secret
etbwz5.ik6xvzdjv57hxqqm 23h 2023-06-02T19:49:00Z authentication,signing system:bootstrappers:kubeadm:default-node-token
[email protected]:~$0
Categories
- 10.1K All Categories
- 35 LFX Mentorship
- 88 LFX Mentorship: Linux Kernel
- 504 Linux Foundation Boot Camps
- 279 Cloud Engineer Boot Camp
- 103 Advanced Cloud Engineer Boot Camp
- 48 DevOps Engineer Boot Camp
- 41 Cloud Native Developer Boot Camp
- 2 Express Training Courses
- 2 Express Courses - Discussion Forum
- 1.8K Training Courses
- 17 LFC110 Class Forum
- 5 LFC131 Class Forum
- 19 LFD102 Class Forum
- 148 LFD103 Class Forum
- 13 LFD121 Class Forum
- 61 LFD201 Class Forum
- LFD210 Class Forum
- 1 LFD213 Class Forum - Discontinued
- 128 LFD232 Class Forum
- 23 LFD254 Class Forum
- 569 LFD259 Class Forum
- 100 LFD272 Class Forum
- 1 LFD272-JP クラス フォーラム
- 1 LFS145 Class Forum
- 23 LFS200 Class Forum
- 739 LFS201 Class Forum
- 1 LFS201-JP クラス フォーラム
- 1 LFS203 Class Forum
- 45 LFS207 Class Forum
- 298 LFS211 Class Forum
- 53 LFS216 Class Forum
- 46 LFS241 Class Forum
- 41 LFS242 Class Forum
- 37 LFS243 Class Forum
- 10 LFS244 Class Forum
- 27 LFS250 Class Forum
- 1 LFS250-JP クラス フォーラム
- 131 LFS253 Class Forum
- 997 LFS258 Class Forum
- 10 LFS258-JP クラス フォーラム
- 87 LFS260 Class Forum
- 126 LFS261 Class Forum
- 31 LFS262 Class Forum
- 79 LFS263 Class Forum
- 15 LFS264 Class Forum
- 10 LFS266 Class Forum
- 17 LFS267 Class Forum
- 17 LFS268 Class Forum
- 21 LFS269 Class Forum
- 200 LFS272 Class Forum
- 1 LFS272-JP クラス フォーラム
- 212 LFW211 Class Forum
- 153 LFW212 Class Forum
- 899 Hardware
- 217 Drivers
- 74 I/O Devices
- 44 Monitors
- 115 Multimedia
- 208 Networking
- 101 Printers & Scanners
- 85 Storage
- 749 Linux Distributions
- 88 Debian
- 64 Fedora
- 14 Linux Mint
- 13 Mageia
- 24 openSUSE
- 133 Red Hat Enterprise
- 33 Slackware
- 13 SUSE Enterprise
- 355 Ubuntu
- 473 Linux System Administration
- 38 Cloud Computing
- 69 Command Line/Scripting
- Github systems admin projects
- 94 Linux Security
- 77 Network Management
- 108 System Management
- 49 Web Management
- 63 Mobile Computing
- 22 Android
- 27 Development
- 1.2K New to Linux
- 1.1K Getting Started with Linux
- 528 Off Topic
- 127 Introductions
- 213 Small Talk
- 20 Study Material
- 794 Programming and Development
- 262 Kernel Development
- 498 Software Development
- 923 Software
- 258 Applications
- 182 Command Line
- 2 Compiling/Installing
- 76 Games
- 316 Installation
- 53 All In Program
- 53 All In Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)