Giter Club home page Giter Club logo

Comments (31)

vrmerlin avatar vrmerlin commented on August 14, 2024 2

i finally seemed to have fixed this problem -- the solution was to update my /etc/hostname file, to be the fully qualified host name.

from puppetlabs-kubernetes.

scotty-c avatar scotty-c commented on August 14, 2024

@vrmerlin it looks like etcd has not started. Can you confirm that in the logs?
Also that the etcd certs are correct and services are able to hit it

from puppetlabs-kubernetes.

vrmerlin avatar vrmerlin commented on August 14, 2024

It looks like etcd is indeed running:

# systemctl status etcd
● etcd.service - etcd
   Loaded: loaded (/etc/systemd/system/etcd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-06-06 10:01:11 PDT; 1 day 2h ago
     Docs: https://github.com/coreos/etcd
 Main PID: 13154 (etcd)
    Tasks: 7
   Memory: 3.6M
   CGroup: /system.slice/etcd.service
           └─13154 /usr/local/bin/etcd .......

Jun 06 10:01:11 foobar.llnl.gov etcd[13154]: set the initial cluster version to 3.1
Jun 06 10:01:11 foobar.llnl.gov etcd[13154]: enabled capabilities for version 3.1
Jun 06 10:01:11 foobar.llnl.gov etcd[13154]: published {Name:foobar ClientURLs:[https://1.2.3.4:2379]} to cluster b247e148a129351d
Jun 06 10:01:11 foobar.llnl.gov etcd[13154]: ready to serve client requests
Jun 06 10:01:11 foobar.llnl.gov systemd[1]: Started etcd.
Jun 06 10:01:11 foobar.llnl.gov etcd[13154]: serving client requests on 1.2.3.4:2379
Jun 06 10:01:11 foobar.llnl.gov systemd[1]: Dependency Conflicts=etcd.service dropped from unit etcd.service
Jun 06 10:01:11 foobar.llnl.gov systemd[1]: Dependency Conflicts=etcd.service dropped from unit etcd.service
Jun 06 10:32:41 foobar.llnl.gov systemd[1]: Dependency Conflicts=etcd.service dropped from unit etcd.service
Jun 06 10:42:01 foobar.llnl.gov systemd[1]: Dependency Conflicts=etcd.service dropped from unit etcd.service

How do i check if the certs are correct and if the services are able to hit it?

from puppetlabs-kubernetes.

rustymunkey avatar rustymunkey commented on August 14, 2024

I am having the exact same problem. I followed the readme.md to install kubernetes on a clean vm and ran into the same pre-flight error.

# puppet agent -t
[...]
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[test-vm]/Exec[kubeadm init]/returns: [preflight] Some fatal errors occurred:
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[test-vm]/Exec[kubeadm init]/returns:    [ERROR ExternalEtcdVersion]: couldn't parse external etcd version "": Version string empty
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[test-vom]/Exec[kubeadm init]/returns: [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
[...]
Notice: Applied catalog in 29.68 seconds

etcd is running:

● etcd.service - etcd
   Loaded: loaded (/etc/systemd/system/etcd.service; enabled; vendor preset: enabled)
[...]

Is there any configuration option, that i am missing? I am quite new to the whole kubernetes world, so it could easily be a user error.

from puppetlabs-kubernetes.

scotty-c avatar scotty-c commented on August 14, 2024

@rustymunkey & @vrmerlin can you copy your hiera files into the issue?

from puppetlabs-kubernetes.

davejrt avatar davejrt commented on August 14, 2024

@rustymunkey & @vrmerlin in addition to your hiera config, can you run the following with your etcd IP and paste the result

root@kube-master:/etc/kubernetes/pki/etcd# etcdctl --cert-file=server.crt --key-file=server.key --ca-file=ca.crt --endpoints https://<etcd_IP>:2379 cluster-health

for example

root@kube-master:/etc/kubernetes/pki/etcd# etcdctl --cert-file=server.crt --key-file=server.key --ca-file=ca.crt --endpoints https://172.17.10.101:2379 cluster-health
2018-06-19 20:26:20.270224 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
2018-06-19 20:26:20.270948 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
member a3c9d666cfc93e89 is healthy: got healthy result from https://172.17.10.101:2379
cluster is healthy

from puppetlabs-kubernetes.

rustymunkey avatar rustymunkey commented on August 14, 2024

Yeah, sure!

@davejrt There really seems to be a problem with the certificates:

2018-06-20 10:06:37.440614 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
2018-06-20 10:06:37.441936 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
cluster may be unhealthy: failed to list members
Error:  client: etcd cluster is unavailable or misconfigured; error #0: x509: cannot validate certificate for 10.1.66.29 because it doesn't contain any IP SANs

error #0: x509: cannot validate certificate for 10.1.66.29 because it doesn't contain any IP SANs

how do i fix it? I used the puppet/kubetool docker images for generating the certificates.

and as requested the hiera.yaml

kubernetes::bootstrap_controller: true
kubernetes::controller: true
kubernetes::kubernetes_version: 1.10.3-00
kubernetes::kubernetes_package_version: 1.10.3-00
kubernetes::container_runtime: docker
kubernetes::cni_network_provider: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubernetes::cni_pod_cidr: "10.244.0.0/16"
kubernetes::cluster_service_cidr: "10.96.0.0/16"
kubernetes::kubernetes_fqdn: kubernetes.example.com
kubernetes::bootstrap_controller_ip: "%{::ipaddress_ens3}"
kubernetes::etcd_version: '3.1.12'
kubernetes::etcd_initial_cluster: "test-vm=https://%{::ipaddress_ens3}:2380"
kubernetes::etcd_ip: "%{::ipaddress_ens3}"
kubernetes::etcd_peers:
  - 10.1.66.29
kubernetes::kube_dns_ip: "10.96.0.10"
kubernetes::kube_api_service_ip: "10.96.0.1"
kubernetes::kube_api_advertise_address: "%{::ipaddress_ens3}"
kubernetes::api_server_count: 1
kubernetes::controller_address: "10.1.66.29:6443"
kubernetes::install_dashboard: false
kubernetes::taint_master: false
kubernetes::token: 8dce35.ee31967c3c239cba

followed by a list of certificates and keys.

from puppetlabs-kubernetes.

davejrt avatar davejrt commented on August 14, 2024

what version of the kubetool are you using? Some of those params are no longer valid in the version of the module. puppet/kubetool:2.0.2 is the one you'll need

from puppetlabs-kubernetes.

AranVinkItility avatar AranVinkItility commented on August 14, 2024

Edit: Removing kubeadm and reinstalling it solved my similar issue.

Old post:
Running into a similar issue with module version 2.0.2 and kubetool 2.0.2.
Etcd is running on all my nodes and the connection snippet works for me.
In my case the kubelet service is not started (same error as @vrmerlin). If I try to start it manually it says it's unable to start:

Jun 29 14:50:54 ics106067213 kubelet[6609]: F0629 14:50:54.763798    6609 server.go:233] failed to run Kubelet: unable to load bootstrap kubeconfig: stat /etc/kubernetes/bootstrap-kubelet.conf: no such..

This configuration file is missing, however I can't find a mention anywhere in this module. It might be the same reason why @vrmerlin is not able to start his cluster.

Possibly related: I also notice the kubelet service is no longer managed by this module since v2.x, is there a reason for this?
https://github.com/puppetlabs/puppetlabs-kubernetes/blob/1.1.0/manifests/service.pp#L41

from puppetlabs-kubernetes.

davejrt avatar davejrt commented on August 14, 2024

from puppetlabs-kubernetes.

vrmerlin avatar vrmerlin commented on August 14, 2024

Sorry, i'm getting back to this problem after being away on vacation.

@AranVinkItility That's correct, the file /etc/kubernetes/bootstrap-kubelet.conf is missing for me. You said "Removing kubeadm and reinstalling it solved my similar issue." What do you mean by that? I want to bring up the kubernetes master from a fresh VM without problems or special steps.

@davejrt How do i find that log file?

from puppetlabs-kubernetes.

vrmerlin avatar vrmerlin commented on August 14, 2024

I did notice this in my /var/log/messages:

Jul  6 14:34:32 fisher23-linux yum[12774]: Installed: kubelet-1.10.2-0.x86_64
Jul  6 14:34:35 fisher23-linux chronyd[956]: Selected source 134.9.161.140Jul  6 14:34:35 fisher23-linux yum[12774]: Installed: kubernetes-cni-0.6.0-0.x86_64
Jul  6 14:34:36 fisher23-linux puppet-agent[12795]: (Facter) error while resolving custom fact "docker": 751: unexpected token at ''
Jul  6 14:34:36 fisher23-linux puppet-agent[12795]: (Facter) error while resolving custom fact "docker_server_version": undefined method `[]' for nil:NilClass
Jul  6 14:34:36 fisher23-linux systemd: Configuration file /etc/systemd/system/kubelet.service is marked executable. Please remove executable permission bits. Proceeding anyway.Jul  6 14:34:39 fisher23-linux puppet-agent[12795]: Applied catalog in 0.95 seconds
Jul  6 14:34:44 fisher23-linux yum[12921]: Installed: kubectl-1.10.2-0.x86_64
Jul  6 14:34:56 fisher23-linux yum[12952]: Installed: kubeadm-1.10.2-0.x86_64

Is that helpful at all?

from puppetlabs-kubernetes.

AranVinkItility avatar AranVinkItility commented on August 14, 2024

@vrmerlin I removed kubeadm using my OS package manager (yum, RHEL 7 in my case). After that I did a new puppet run and that solved the issue. Could also be that it needed two runs to succeed though, and it was more of a placebo.

from puppetlabs-kubernetes.

davejrt avatar davejrt commented on August 14, 2024

@vrmerlin based on the first log you posted and what @scotty-c said your etcd cluster is not starting. Have you verified you're using the correct version of the kubetool for this version of the module.

from puppetlabs-kubernetes.

vrmerlin avatar vrmerlin commented on August 14, 2024

@davejrt as I said in my June 7th posting, it appears that etcd was running successfully. I wasn't trying to run a full cluster version. I think the kubetool docker image i grabbed was "latest". I'll try explicitly stating 2.0.2 and see if it works better.

from puppetlabs-kubernetes.

vrmerlin avatar vrmerlin commented on August 14, 2024

I completely reset my VM to an earlier state, so everything was clean, re-generated the YAML using the kubetool (2.0.2), and ran the puppet script again. It all seems to install fine, until the very end, where again I get this error:

[ERROR ExternalEtcdVersion]: couldn't parse external etcd version "": Version string empty

This is my kubetool command (with my hostname set to foobar, and my IP address set to 1.2.3.4):

docker run --rm \
       -v $(pwd):/mnt \
       -e OS=redhat \
       -e VERSION=1.10.2 \
       -e CONTAINER_RUNTIME=docker \
       -e CNI_PROVIDER=weave \
       -e ETCD_INITIAL_CLUSTER=foobar:1.2.3.4 \
       -e ETCD_IP="1.2.3.4" \
       -e KUBE_API_ADVERTISE_ADDRESS="1.2.3.4" \
       -e INSTALL_DASHBOARD=true puppet/kubetool:2.0.2

Does that look correct?

And here is the status of the etcd process:

# systemctl status etcd
● etcd.service - etcd
   Loaded: loaded (/etc/systemd/system/etcd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-07-18 13:28:08 PDT; 21min ago
     Docs: https://github.com/coreos/etcd
 Main PID: 3998 (etcd)
    Tasks: 7
   Memory: 3.3M
   CGroup: /system.slice/etcd.service
           └─3998 /usr/local/bin/etcd --name foobar --data-dir /var/lib/etcd --listen-client-urls https://1.2.3.4:2379 --advertise-client-urls https://1.2.3.4:2379 --listen-peer-urls https://1.2.3.4:2380 --initial-advertise-peer-u...

Jul 18 13:28:08 foobar.llnl.gov etcd[3998]: setting up the initial cluster version to 3.1
Jul 18 13:28:08 foobar.llnl.gov etcd[3998]: published {Name:foobar ClientURLs:[https://1.2.3.4:2379]} to cluster b247e148a129351d
Jul 18 13:28:08 foobar.llnl.gov etcd[3998]: ready to serve client requests
Jul 18 13:28:08 foobar.llnl.gov etcd[3998]: serving client requests on 1.2.3.4:2379
Jul 18 13:28:08 foobar.llnl.gov etcd[3998]: set the initial cluster version to 3.1
Jul 18 13:28:08 foobar.llnl.gov etcd[3998]: enabled capabilities for version 3.1
Jul 18 13:28:08 foobar.llnl.gov systemd[1]: Started etcd.
Jul 18 13:28:08 foobar.llnl.gov systemd[1]: Dependency Conflicts=etcd.service dropped from unit etcd.service
Jul 18 13:28:08 foobar.llnl.gov systemd[1]: Dependency Conflicts=etcd.service dropped from unit etcd.service
Jul 18 13:34:01 foobar.llnl.gov systemd[1]: Dependency Conflicts=etcd.service dropped from unit etcd.service

Any suggestions on what I should change would be really appreciate; I've been playing with this off and on since early June and getting nowhere.

John

from puppetlabs-kubernetes.

davejrt avatar davejrt commented on August 14, 2024

In my experience those errors are caused by problems with the certificates. Have you considered using KREAM to test the module. You can change whatever you want in the config for that to test out your certificates. Using the environment to develop the module this has generally been the cause of our issues. I'm assuming of course here you're setting up a single node cluster?

from puppetlabs-kubernetes.

vrmerlin avatar vrmerlin commented on August 14, 2024

This first pass is a single node cluster. Once I figure things out, I'd like to have a master node, and two work nodes. I'm sorry, I have no idea what KREAM is...? Did you have a specific test in mind that I should do?

from puppetlabs-kubernetes.

davejrt avatar davejrt commented on August 14, 2024

KREAM is a vagrant environment developed to test this module. I would recommend using it you're not entirely familiar with all the working parts. It has the certficates. Try using the fact for the interfaces when you generate the hiera like we do in the exampes and see if that helps

https://github.com/puppetlabs/kream

from puppetlabs-kubernetes.

vrmerlin avatar vrmerlin commented on August 14, 2024

I originally used the ::ipaddress_eth1 fact, but was getting the error:

Warning: Undefined variable '::ipaddress_eth1'; \n   (file & line not available)

i.e. that fact is not one that is available for me. Is that part of the problem?

from puppetlabs-kubernetes.

davejrt avatar davejrt commented on August 14, 2024

Yes, you'll need to use whatever fact corresponds to the interface you want to use.

from puppetlabs-kubernetes.

2ZZ avatar 2ZZ commented on August 14, 2024

Also having this problem. I removed --client-cert-auth and --peer-client-cert-auth from templates/etcd/etcd.service.erb to get it running, looks like something is not right with the cert generation

from puppetlabs-kubernetes.

scotty-c avatar scotty-c commented on August 14, 2024

@2ZZ The cert generation works. The repo kream the is listed above use it. We run nightly tests to test it as well. Have you entered the correct inputs into kubetool ? That would be the most common issue

from puppetlabs-kubernetes.

vrmerlin avatar vrmerlin commented on August 14, 2024

@scotty-c I provided my specific kubetool command, above. Did it look correct? Here it is again (host/IP addresses replaced):

docker run --rm \
       -v $(pwd):/mnt \
       -e OS=redhat \
       -e VERSION=1.10.2 \
       -e CONTAINER_RUNTIME=docker \
       -e CNI_PROVIDER=weave \
       -e ETCD_INITIAL_CLUSTER=foobar:1.2.3.4 \
       -e ETCD_IP="1.2.3.4" \
       -e KUBE_API_ADVERTISE_ADDRESS="1.2.3.4" \
       -e INSTALL_DASHBOARD=true puppet/kubetool:2.0.2

from puppetlabs-kubernetes.

scotty-c avatar scotty-c commented on August 14, 2024

@vrmerlin it looks ok, the most important information has been redacted. What are the etcd logs saying? if there is an x509 issue you will see it there.

from puppetlabs-kubernetes.

khaefeli avatar khaefeli commented on August 14, 2024

@vrmerlin some ideas:

  • make sure /etc/hosts / dns is resolving your foobar / hostname configured in etcd
  • hostname -f should match your ETCD_INITIAL_CLUSTER
  • check if kubectl init maybe proxy to an http_proxy and tries to access localhost an this proxy (instead of accessing etcd's localhost)
  • reset the whole Kubernetes config kubeadm reset, regenerate the certs & insert them into hiera again, run puppet again
  • paste the systemd unit file /etc/systemd/system/etcd.service

side note: I think your facter variables above are wrong.
Maybe my .env config helps (cluster for 3)

OS=debian
VERSION=1.11.0
CONTAINER_RUNTIME=containerd
CNI_PROVIDER=weave
ETCD_INITIAL_CLUSTER=kube-controller1.domain.com:10.12.37.160,kube-controller2.domain.com:10.12.38.170,kube-controller3.domain.com:10.12.44.170
ETCD_IP="%{::ipaddress_br0}" 
KUBE_API_ADVERTISE_ADDRESS="%{::ipaddress_br0}" 
INSTALL_DASHBOARD=true

from puppetlabs-kubernetes.

ndelic0 avatar ndelic0 commented on August 14, 2024

Reporting the same issue.

puppet --version 5.5.2

Puppet module version 2.0.2

Docker:
docker version Client: Version: 17.03.1-ce API version: 1.27 Go version: go1.7.5 Git commit: c6d412e Built: Fri Mar 24 00:36:45 2017 OS/Arch: linux/amd64

Server: Version: 17.03.1-ce API version: 1.27 (minimum version 1.12) Go version: go1.7.5 Git commit: c6d412e Built: Fri Mar 24 00:36:45 2017 OS/Arch: linux/amd64 Experimental: false

Kubectl version
kubectl version Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:22:21Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

OS:
facter os { architecture => "x86_64", family => "RedHat", hardware => "x86_64", name => "CentOS", release => { full => "7.5.1804", major => "7", minor => "5" }, selinux => { enabled => false } }

etcd cluster members:
[root@control-01 ~]# ETCDCTL_API=3 etcdctl member list \ --endpoints=https://10.0.0.11:2379 \ --cacert=/etc/kubernetes/pki/etcd/ca.crt \ --cert=/etc/kubernetes/pki/etcd/client.crt \ --key=/etc/kubernetes/pki/etcd/client.key 2018-08-20 20:59:46.912823 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated f252c52dd348c25, started, control-03, https://10.0.0.13:2380, https://10.0.0.13:2379 89681c104bf9f0d6, started, control-02, https://10.0.0.12:2380, https://10.0.0.12:2379 dea6586d25883262, started, control-01, https://10.0.0.11:2380, https://10.0.0.11:2379

The error:

Info:`

Applying configuration version 'puppetserver-01-production-7332ab5b9ea'
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [init] Using Kubernetes version: v1.10.7
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [init] Using Authorization modes: [Node RBAC]
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [preflight] Running pre-flight checks.
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [WARNING FileExisting-crictl]: crictl not found in system path
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: Suggestion: go get github.com/kubernetes-incubator/cri-tools/cmd/crictl
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [preflight] Some fatal errors occurred:
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [ERROR Port-6443]: Port 6443 is in use
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [ERROR Port-10250]: Port 10250 is in use
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [ERROR Port-10251]: Port 10251 is in use
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [ERROR Port-10252]: Port 10252 is in use
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [ERROR FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml]: /etc/kubernetes/manifests/kube-apiserver.yaml already exists
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [ERROR FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml]: /etc/kubernetes/manifests/kube-controller-manager.yaml already exists
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [ERROR FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml]: /etc/kubernetes/manifests/kube-scheduler.yaml already exists
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: [preflight] If you know what you are doing, you can make a check non-fatal with --ignore-preflight-errors=...
Error: 'kubeadm init --config '/etc/kubernetes/config.yaml' --ignore-preflight-errors='dave'' returned 2 instead of one of [0]
Error: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[control-01]/Exec[kubeadm init]/returns: change from 'notrun' to ['0'] failed: 'kubeadm init --config '/etc/kubernetes/config.yaml' --ignore-preflight-errors='dave'' returned 2 instead of one of [0]
Notice: /Stage[main]/Kubernetes::Kube_addons/Exec[Install cni network provider]: Dependency Exec[kubeadm init] has failures: true
Warning: /Stage[main]/Kubernetes::Kube_addons/Exec[Install cni network provider]: Skipping because of failed dependencies
Notice: /Stage[main]/Kubernetes::Kube_addons/Exec[Install Kubernetes dashboard]: Dependency Exec[kubeadm init] has failures: true
Warning: /Stage[main]/Kubernetes::Kube_addons/Exec[Install Kubernetes dashboard]: Skipping because of failed dependencies
Notice: Applied catalog in 5.47 seconds

from puppetlabs-kubernetes.

ndelic0 avatar ndelic0 commented on August 14, 2024

Problem in my case has been solved by overriding node_label param. Like this :
kubernetes::node_label: "%{::fqdn}"

https://github.com/kubernetes/kubeadm/issues/584

from puppetlabs-kubernetes.

tahoward avatar tahoward commented on August 14, 2024

Running into same issue:

Notice: /Stage[main]/Kubernetes::Service/Service[etcd]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Kubernetes::Service/Service[etcd]: Unscheduling refresh on Service[etcd]
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[fk8sm001.domain.com]/Exec[kubeadm init]/returns: [init] Using Kubernetes version: v1.10.8
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[fk8sm001.domain.com]/Exec[kubeadm init]/returns: [init] Using Authorization modes: [Node RBAC]
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[fk8sm001.domain.com]/Exec[kubeadm init]/returns: [preflight] Running pre-flight checks.
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[fk8sm001.domain.com]/Exec[kubeadm init]/returns: 	[WARNING SystemVerification]: docker version is greater than the most recently validated version. Docker version: 18.06.1-ce. Max validated version: 17.03
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[fk8sm001.domain.com]/Exec[kubeadm init]/returns: 	[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[fk8sm001.domain.com]/Exec[kubeadm init]/returns: 	[WARNING FileExisting-crictl]: crictl not found in system path
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[fk8sm001.domain.com]/Exec[kubeadm init]/returns: Suggestion: go get github.com/kubernetes-incubator/cri-tools/cmd/crictl
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[fk8sm001.domain.com]/Exec[kubeadm init]/returns: [preflight] Some fatal errors occurred:
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[fk8sm001.domain.com]/Exec[kubeadm init]/returns: 	[ERROR ExternalEtcdVersion]: couldn't parse external etcd version "": Version string empty
Notice: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[fk8sm001.domain.com]/Exec[kubeadm init]/returns: [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
Error: 'kubeadm init --config '/etc/kubernetes/config.yaml' --ignore-preflight-errors=''' returned 2 instead of one of [0]
Error: /Stage[main]/Kubernetes::Cluster_roles/Kubernetes::Kubeadm_init[fk8sm001.domain.com]/Exec[kubeadm init]/returns: change from 'notrun' to ['0'] failed: 'kubeadm init --config '/etc/kubernetes/config.yaml' --ignore-preflight-errors=''' returned 2 instead of one of [0]

Here is the env contents ran through kubetool:3.0.0:

OS=redhat
VERSION=1.10.2
CONTAINER_RUNTIME=docker
CNI_PROVIDER=flannel
ETCD_INITIAL_CLUSTER=fk8sm001.domain.com:10.32.156.89,fk8sm002.domain.com:10.32.156.9,fk8sm003.domain.com:10.37.68.154
BOOTSTRAP_CONTROLLER_IP=10.32.156.89
ETCD_IP="%{::ipaddress_eth0}"
KUBE_API_ADVERTISE_ADDRESS="%{::ipaddress_eth0}"
INSTALL_DASHBOARD=true

Deployed certificates appear to be OK:

[root@fk8sm001 etcd]# etcdctl --cert-file=server.crt --key-file=server.key --ca-file=ca.crt --endpoints https://10.32.156.89:2379 cluster-health
2018-10-11 21:06:48.274833 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
2018-10-11 21:06:48.275753 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
member 8640a28a39722fe0 is healthy: got healthy result from https://10.32.156.9:2379
member 99c511dbe29898a6 is healthy: got healthy result from https://10.32.156.89:2379
member d20ca2d2cd75cc09 is healthy: got healthy result from https://10.37.68.154:2379

All the members are connected on etcd:

[root@fk8sm001 etcd]# systemctl status etcd
● etcd.service - etcd
   Loaded: loaded (/etc/systemd/system/etcd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-10-11 21:18:55 MST; 934ms ago
     Docs: https://github.com/coreos/etcd
 Main PID: 14228 (etcd)
    Tasks: 9
   Memory: 7.7M
   CGroup: /system.slice/etcd.service
           └─14228 /usr/local/bin/etcd --name fk8sm001.domain.com --data-dir /var/lib/etcd --listen-client-urls https://10.32.156.89:2379 --advertise-client-urls https://10.32.156.89:2379 --listen-peer-urls https://10.32.156...

Oct 11 21:18:55 fk8sm001.domain.com etcd[14228]: established a TCP streaming connection with peer 8640a28a39722fe0 (stream MsgApp v2 reader)
Oct 11 21:18:55 fk8sm001.domain.com etcd[14228]: established a TCP streaming connection with peer d20ca2d2cd75cc09 (stream MsgApp v2 writer)
Oct 11 21:18:55 fk8sm001.domain.com etcd[14228]: established a TCP streaming connection with peer d20ca2d2cd75cc09 (stream Message writer)
Oct 11 21:18:55 fk8sm001.domain.com etcd[14228]: established a TCP streaming connection with peer 8640a28a39722fe0 (stream Message writer)
Oct 11 21:18:55 fk8sm001.domain.com etcd[14228]: established a TCP streaming connection with peer 8640a28a39722fe0 (stream MsgApp v2 writer)
Oct 11 21:18:55 fk8sm001.domain.com etcd[14228]: raft.node: 99c511dbe29898a6 elected leader 8640a28a39722fe0 at term 641
Oct 11 21:18:55 fk8sm001.domain.com etcd[14228]: published {Name:fk8sm001.domain.com ClientURLs:[https://10.32.156.89:2379]} to cluster 94aea16586a6fa37
Oct 11 21:18:55 fk8sm001.domain.com etcd[14228]: ready to serve client requests
Oct 11 21:18:55 fk8sm001.domain.com etcd[14228]: serving client requests on 10.32.156.89:2379
Oct 11 21:18:55 fk8sm001.domain.com systemd[1]: Started etcd.

from puppetlabs-kubernetes.

tahoward avatar tahoward commented on August 14, 2024

Ok so this is odd... I restarted etcd on each node then ran kubeadm init --config '/etc/kubernetes/config.yaml' --ignore-preflight-errors='' and the error didn't crop up. Is there perhaps a sequencing issue? The only operation I performed was restart of etcd on each host.

from puppetlabs-kubernetes.

davejrt avatar davejrt commented on August 14, 2024

Thanks for getting back to us with the solution

from puppetlabs-kubernetes.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.