kubernetes-the-hard-way

kube-apiserver systemd service fails to start

Open • prakashmirji opened this issue 3 years ago • 1 comment

I followed the steps from the guide.

My env:

  • on-prem centos 7.9
  • v1.18.6

When I try to start the kube-apiserver systemd service, it fails to come up. I see an error message like the one below:

    I0430 00:00:24.205492 31884 log.go:172] http: TLS handshake error from 127.0.0.1:54950: remote error: tls: bad certificate
    I0430 00:00:25.692841 31884 log.go:172] http: TLS handshake error from 127.0.0.1:54952: remote error: tls: bad certificate
    I0430 00:00:27.151773 31884 log.go:172] http: TLS handshake error from 127.0.0.1:54958: remote error: tls: bad certificate
    I0430 00:00:29.163844 31884 log.go:172] http: TLS handshake error from 127.0.0.1:54960: remote error: tls: bad certificate
    I0430 00:00:31.259126 31884 log.go:172] http: TLS handshake error from 127.0.0.1:54966: remote error: tls: bad certificate

I tried to run the command below manually:

    /usr/local/bin/kube-apiserver \
      --advertise-address=16.0.14.116 \
      --allow-privileged=true \
      --apiserver-count=3 \
      --audit-log-maxage=30 \
      --audit-log-maxbackup=3 \
      --audit-log-maxsize=100 \
      --audit-log-path=/var/log/audit.log \
      --authorization-mode=Node,RBAC \
      --bind-address=0.0.0.0 \
      --client-ca-file=/var/lib/kubernetes/ca.pem \
      --enable-admission-plugins=NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
      --etcd-cafile=/var/lib/kubernetes/ca.pem \
      --etcd-certfile=/var/lib/kubernetes/kubernetes.pem \
      --etcd-keyfile=/var/lib/kubernetes/kubernetes-key.pem \
      --etcd-servers=https://16.0.14.116:2379,https://16.0.14.117:2379,https://16.0.14.118:2379 \
      --event-ttl=1h \
      --encryption-provider-config=/var/lib/kubernetes/encryption-config.yaml \
      --kubelet-certificate-authority=/var/lib/kubernetes/ca.pem \
      --kubelet-client-certificate=/var/lib/kubernetes/kubernetes.pem \
      --kubelet-client-key=/var/lib/kubernetes/kubernetes-key.pem \
      --kubelet-https=true \
      --runtime-config='api/all=true' \
      --service-account-key-file=/var/lib/kubernetes/service-account.pem \
      --service-account-signing-key-file=/var/lib/kubernetes/service-account-key.pem \
      --service-account-issuer=api \
      --service-cluster-ip-range=10.32.0.0/24 \
      --service-node-port-range=30000-32767 \
      --tls-cert-file=/var/lib/kubernetes/kubernetes.pem \
      --tls-private-key-file=/var/lib/kubernetes/kubernetes-key.pem \
      --v=2

Any pointers to troubleshoot? If I need to share more logs, please let me know.

prakashmirji, Apr 30 '21 07:04

May I know which version of etcd you are using? In my case it went away by itself when I used the latest version of etcd (or maybe it was something else).

khanabid20, Nov 11 '21 19:11
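
In Go's TLS stack, `remote error: tls: bad certificate` means the peer sent a bad_certificate alert, so in the log above a client on 127.0.0.1 is rejecting the certificate kube-apiserver presents from `--tls-cert-file`. The Go sketch below is an added example, not part of the issue thread or the guide: it repeats the two checks such a client makes (SAN match, chain to its trusted CA) on constructed certificates. `newCert`, `diagnose` and the verdict strings are hypothetical names, and that the client dials 127.0.0.1 and trusts a single CA is an assumption; the thread does not establish which check, if either, failed for the poster.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newCert issues a constructed, throwaway certificate; a nil parent yields a self-signed CA.
func newCert(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey, ips ...net.IP) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, IPAddresses: ips, IsCA: parent == nil,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, parentKey = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// diagnose repeats the two checks a TLS client that trusts ca makes when it dials addr.
func diagnose(cert, ca *x509.Certificate, addr string) (string, error) {
	if err := cert.VerifyHostname(addr); err != nil {
		return "san-mismatch", err // addr is not among the certificate's SANs
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return "chain-invalid", err // unknown issuer, expired, and similar
	}
	return "ok", nil
}

func main() {
	ca, caKey := newCert("constructed-ca", nil, nil) // every certificate here is a constructed sample
	otherCA, otherKey := newCert("constructed-other-ca", nil, nil)
	good, _ := newCert("kubernetes", ca, caKey, net.ParseIP("127.0.0.1"), net.ParseIP("16.0.14.116"))
	noLoopback, _ := newCert("kubernetes", ca, caKey, net.ParseIP("16.0.14.116"))
	foreign, _ := newCert("kubernetes", otherCA, otherKey, net.ParseIP("127.0.0.1"))
	for _, c := range []*x509.Certificate{good, noLoopback, foreign} {
		fmt.Println(diagnose(c, ca, "127.0.0.1"))
	}
}
```

To run the same checks on real files, decode the PEM at `--tls-cert-file` and the CA file the failing client is configured to trust with `encoding/pem` and `x509.ParseCertificate`, then pass both to `diagnose`.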