lab 4.6 error
When initially running lab 4-6, I knew it was expected to fail, but I somehow doubt very much this is the expected failure. What is going on here?
Warning FailedCreatePodSandBox 11s kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_init-tester_default_6404e3fd-e1fa-45cb-bfd8-0911a24422a5_0(c10d5d863c5297f161be95320c037cf891648221f05d9beec88fa315b58549ca): error adding pod default_init-tester to CNI network "k8s-pod-network": error getting ClusterInformation: Get "https://10.96.0.1:443/apis/crd.projectcalico.org/v1/clusterinformations/default": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
I know what those words mean but how can that even happen in this environment? Is something out of date?
Comments
-
Hello,
Indeed this is an unexpected error. Well, they all are unexpected, but this one more than most. To help troubleshoot:
- What are you using to run your cluster?
- What version of OS and Kubernetes are you using?
- Have you turned anything on or off since initializing the cluster?
- Do you get this error with any other commands, like kubectl create deploy?
Regards,
0 -
I am using Ubuntu 20.04.4 LTS with VMWare workstation, kubernetes version 1.23.1.
Regarding your third question, I believe this would not be the case. Prior to running k8scp.sh, I saved a snapshot. I recently reverted to this snapshot (and updated the files) because my old build (from late December) would encounter a 404 error from quay.io every time it tried to pull nginx (and I'm not even sure if I still have that problem!)
As a result, you could say I ran initial setup (apparmor off, etc), ran 2.1, 2.2, then attempted 4.6. As far as the VM is concerned, that is.
As a sanity check, I ran kubectl create deploy --image=nginx test. We have the following:
eric@ubuntu:~$ kubectl describe deployment
Name: test
Namespace: default
CreationTimestamp: Thu, 31 Mar 2022 16:03:11 -0700
Labels: app=test
Annotations: deployment.kubernetes.io/revision: 1
Selector: app=test
Replicas: 1 desired | 1 updated | 1 total | 0 available | 1 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app=test
Containers:
nginx:
Image: nginx
Port:
Host Port:
Environment:
Mounts:
Volumes:
Conditions:
Type Status Reason
---- ------ ------
Available False MinimumReplicasUnavailable
Progressing True ReplicaSetUpdated
OldReplicaSets:
NewReplicaSet: test-8499f4f74 (1/1 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 2m6s deployment-controller Scaled up replica set test-8499f4f74 to 1kubectl describe pod
Name: test-8499f4f74-njzvz
Warning FailedCreatePodSandBox 7m58s kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_test-8499f4f74-njzvz_default_0b9c3d93-387c-4b78-9bce-b419fc4a45a7_0(73d1561f2f5946edf5d5266e4e8519b2352191c382faca2c9f60ee02bf386f53): error adding pod default_test-8499f4f74-njzvz to CNI network "k8s-pod-network": error getting ClusterInformation: Get "https://10.96.0.1:443/apis/crd.projectcalico.org/v1/clusterinformations/default": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")0 -
Ah, a snapshot. That's probably the issue.
If your IP address changes when the snapshot is restored, such as when using DHCP, then the x509 certificate no longer will work as it was tied to the original IP. When running the kubeadm init you can pass a config file and reference a hostname instead. Then the cert will work if the IP changes. For example if you have an /etc/hosts entry for k8scp you could use a kubeadm-config.yaml file like this, minus the number the codeblock puts in:
apiVersion: kubeadm.k8s.io/v1beta3 kind: ClusterConfiguration kubernetesVersion: 1.23.1 controlPlaneEndpoint: "k8scp:6443" networking: podSubnet: 192.168.0.0/16
More on that file here: https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta3/
Regards,
0 -
Mr. Serewicz,
Would that be the case if the snapshot reverts back to only the end of 2.1? (After your course package has arrived from wget but prior to running k8scp? Looking into your suggestion either way, but thought I'd run this by you while I did.
0 -
Update: Tried the whole thing again. I skipped adding a worker node for now as I don't think 4.6 will require it. This is the result of a simple nginx deployment
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 2m8s (x2 over 3m25s) default-scheduler 0/1 nodes are available: 1 node(s) had taint {node-role.kubernetes.io/master: }, that the pod didn't tolerate.
Normal Scheduled 87s default-scheduler Successfully assigned default/test-8499f4f74-rhnl5 to cp
Normal Pulling 86s kubelet Pulling image "nginx"
Normal Pulled 76s kubelet Successfully pulled image "nginx" in 9.751208344s
Normal Created 76s kubelet Created container nginx
Normal Started 76s kubelet Started container nginx0
Categories
- All Categories
- 219 LFX Mentorship
- 219 LFX Mentorship: Linux Kernel
- 793 Linux Foundation IT Professional Programs
- 354 Cloud Engineer IT Professional Program
- 179 Advanced Cloud Engineer IT Professional Program
- 82 DevOps Engineer IT Professional Program
- 147 Cloud Native Developer IT Professional Program
- 137 Express Training Courses
- 137 Express Courses - Discussion Forum
- 6.2K Training Courses
- 47 LFC110 Class Forum - Discontinued
- 71 LFC131 Class Forum
- 42 LFD102 Class Forum
- 227 LFD103 Class Forum
- 19 LFD110 Class Forum
- 38 LFD121 Class Forum
- 18 LFD133 Class Forum
- 7 LFD134 Class Forum
- 18 LFD137 Class Forum
- 71 LFD201 Class Forum
- 5 LFD210 Class Forum
- 5 LFD210-CN Class Forum
- 2 LFD213 Class Forum - Discontinued
- 128 LFD232 Class Forum - Discontinued
- 2 LFD233 Class Forum
- 4 LFD237 Class Forum
- 24 LFD254 Class Forum
- 697 LFD259 Class Forum
- 111 LFD272 Class Forum
- 4 LFD272-JP クラス フォーラム
- 12 LFD273 Class Forum
- 149 LFS101 Class Forum
- 1 LFS111 Class Forum
- 3 LFS112 Class Forum
- 2 LFS116 Class Forum
- 4 LFS118 Class Forum
- LFS120 Class Forum
- 7 LFS142 Class Forum
- 5 LFS144 Class Forum
- 4 LFS145 Class Forum
- 3 LFS146 Class Forum
- 3 LFS147 Class Forum
- 1 LFS148 Class Forum
- 15 LFS151 Class Forum
- 2 LFS157 Class Forum
- 30 LFS158 Class Forum
- 7 LFS162 Class Forum
- 2 LFS166 Class Forum
- 4 LFS167 Class Forum
- 3 LFS170 Class Forum
- 2 LFS171 Class Forum
- 3 LFS178 Class Forum
- 3 LFS180 Class Forum
- 2 LFS182 Class Forum
- 5 LFS183 Class Forum
- 32 LFS200 Class Forum
- 737 LFS201 Class Forum - Discontinued
- 3 LFS201-JP クラス フォーラム
- 18 LFS203 Class Forum
- 134 LFS207 Class Forum
- 2 LFS207-DE-Klassenforum
- 1 LFS207-JP クラス フォーラム
- 302 LFS211 Class Forum
- 56 LFS216 Class Forum
- 52 LFS241 Class Forum
- 48 LFS242 Class Forum
- 38 LFS243 Class Forum
- 15 LFS244 Class Forum
- 2 LFS245 Class Forum
- LFS246 Class Forum
- 49 LFS250 Class Forum
- 2 LFS250-JP クラス フォーラム
- 1 LFS251 Class Forum
- 153 LFS253 Class Forum
- 1 LFS254 Class Forum
- 1 LFS255 Class Forum
- 9 LFS256 Class Forum
- 1 LFS257 Class Forum
- 1.3K LFS258 Class Forum
- 10 LFS258-JP クラス フォーラム
- 119 LFS260 Class Forum
- 159 LFS261 Class Forum
- 42 LFS262 Class Forum
- 82 LFS263 Class Forum - Discontinued
- 15 LFS264 Class Forum - Discontinued
- 11 LFS266 Class Forum - Discontinued
- 24 LFS267 Class Forum
- 24 LFS268 Class Forum
- 30 LFS269 Class Forum
- LFS270 Class Forum
- 202 LFS272 Class Forum
- 2 LFS272-JP クラス フォーラム
- 1 LFS274 Class Forum
- 4 LFS281 Class Forum
- 9 LFW111 Class Forum
- 259 LFW211 Class Forum
- 181 LFW212 Class Forum
- 13 SKF100 Class Forum
- 1 SKF200 Class Forum
- 1 SKF201 Class Forum
- 796 Hardware
- 199 Drivers
- 68 I/O Devices
- 37 Monitors
- 103 Multimedia
- 174 Networking
- 91 Printers & Scanners
- 85 Storage
- 758 Linux Distributions
- 82 Debian
- 67 Fedora
- 17 Linux Mint
- 13 Mageia
- 23 openSUSE
- 148 Red Hat Enterprise
- 31 Slackware
- 13 SUSE Enterprise
- 353 Ubuntu
- 468 Linux System Administration
- 39 Cloud Computing
- 71 Command Line/Scripting
- Github systems admin projects
- 93 Linux Security
- 78 Network Management
- 102 System Management
- 47 Web Management
- 63 Mobile Computing
- 18 Android
- 33 Development
- 1.2K New to Linux
- 1K Getting Started with Linux
- 371 Off Topic
- 114 Introductions
- 174 Small Talk
- 22 Study Material
- 805 Programming and Development
- 303 Kernel Development
- 484 Software Development
- 1.8K Software
- 263 Applications
- 183 Command Line
- 3 Compiling/Installing
- 987 Games
- 317 Installation
- 97 All In Program
- 97 All In Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)