Rahul Chandra:
Hi, I tried following all the instructions mentioned in https://github.com/mmumshad/kubernetes-the-hard-way
everything looks good, except that when I try to tail logs of the pods, I am getting exceptions
vagrant@master-1:~$ kubectl logs weave-net-cn42m weave -n kube-system
Error from server: Get <https://worker-2:10250/containerLogs/kube-system/weave-net-cn42m/weave>: x509: certificate signed by unknown authority
can someone help ?
Dhruvan Tanna:
Hi Rahul,
As far as what I can understand
Seems like kubelet (as a server) is not signed by the proper CA cert or the domain name (worker-2) doesn’t match with the ones mentioned in the Kubelet cert as alt domains.
Mohamed Ayman:
Please try again with this config file
apiVersion: v1
clusters:
vagrant@master-1:~$ curl https://192.168.5.30:6443/api|https://192.168.5.30:6443/api -k
{
“kind”: “APIVersions”,
“versions”: [
“v1”
],
“serverAddressByClientCIDRs”: [
{
“clientCIDR”: “0.0.0.0/0”,
“serverAddress”: “192.168.5.11:6443”
}
]
}
Rahul Chandra:
I have made the changes as per the YAML file you shared above
{
kubectl config set-cluster kubernetes-the-hard-way \
--certificate-authority=ca.crt \
--embed-certs=true \
--server=<https://192.168.5.30:6443> \
--kubeconfig=admin.kubeconfig
kubectl config set-credentials admin \
--client-certificate=/home/vagrant/admin.crt \
--client-key=/home/vagrant/admin.key \
--embed-certs=true \
--kubeconfig=admin.kubeconfig
kubectl config set-context default \
--cluster=kubernetes-the-hard-way \
--user=admin \
--kubeconfig=admin.kubeconfig
kubectl config use-context default --kubeconfig=admin.kubeconfig
}
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN0ekNDQVo4Q0ZCdEVSQ1lJQTU1Q3RxRy9BYUlKeFM3OWtTRnZNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1CZ3gKRmpBVUJnTlZCQU1NRFV0VlFrVlNUa1ZVUlZNdFEwRXdIaGNOTWpFd05UQTFNRGN5TWpBeldoY05NalF3TVRNdwpNRGN5TWpBeldqQVlNUll3RkFZRFZRUUREQTFMVlVKRlVrNUZWRVZUTFVOQk1JSUJJakFOQmdrcWhraUc5dzBCCkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXgvdFBkOXQyRFVnNUxlWHd4Sm5EelUwNUJVNmdjTENPOHdOZTRscGgKOUljZlFQK3VkczV0MGZGUE91Q1BHTlVhRTNmV1BSL3dWUFJEVXRWaVArbWVwWmRPb1VubURGSXEreVRIWnRQMApoVzNHOVg3QkloVGJrQzlJUC9WUzlxMlJ6bmFRenRYRkdGR2krNG9zWkRpNlZSSUV4K0lxVlpXSEhhQ01JUll3CkI1a3VuL21XdzU4ODM3Zm81OFAwOU4xZTk0UlhJMS9XQmlVcnBTNTd0UlRZeTV4d244dy9MVUhUazFOWXlRMVQKczdjWXdlNHNxUWNTcStoQXN6N3FoeXlGcnBLdVJNTWR1YXJIdk1XU1QzblpmWFYvdzRMQW1LVWtjcWNHN2QvcwpEcXJPMFVGRHQwWlpnSXRxOVp5TlhVR255VHBxK3BuVitLb1QrdTFGYmpRM0lRSURBUUFCTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQnNhVGNnQWxkcC9GNU5Gb1VxYStrM3BTNGVreTNtaS9VcjUyYnE5Z1lVcHhhaTByVW0KMVBVclBjQXlkbWpybzNjQkZEY2doK2hvSThWUDA0QXh0L0xjUEljeFEvbWt4NnNmdTYvekcwTmU2OFE1Qmk4QwpmNC9pYTUyMWFybzRiZi9KSEp2ZjZkaUxJV3g2R1NuSW1ZazE2cExqczVycUxWMGRuK2VKTWxubDZZbW0yTHZtCjA3dk03ODd6RnQzcXlVWmh3QnloN2xEWW9BcllzYS9teU0wYnpjcUdrWVl5d2NBUFR1UjQ5b3V6STFTNlZsNncKL0lHdVZEMmhmNUhhQmF2OXdVUzQ5RXhXK1dEM0xVa3hJaVF4Zm0zUTlmd0ticFRQc0l5VXQwWFBaY2UrREIwVApsSWlYcmVlSFV2ZkFOSnROOW81UEh0V2VXTmJXeG9JQUk0Y3MKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
server: <https://192.168.5.30:6443>
name: kubernetes-the-hard-way
contexts:
- context:
cluster: kubernetes-the-hard-way
user: admin
name: default
current-context: default
kind: Config
preferences: {}
users:
- name: admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJBQ0ZCK1BoNXd1OXFqOERRTEl0K0hqK2Z6QnhHWStNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1CZ3gKRmpBVUJnTlZCQU1NRFV0VlFrVlNUa1ZVUlZNdFEwRXdIaGNOTWpFd05UQTFNRGN5TWpFMVdoY05NalF3TVRNdwpNRGN5TWpFMVdqQXBNUTR3REFZRFZRUUREQVZoWkcxcGJqRVhNQlVHQTFVRUNnd09jM2x6ZEdWdE9tMWhjM1JsCmNuTXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFERFlVYVB2Zk1mV0k5NUZFK0QKZXNoZkw5ZUJ4cktCSFVHK3B0YVJ4a3M5UkRjR3ZrT3oxWVd0Sk11TW9BdGtSS1F4Wmd5cHVZSThRSTUzZ3F0SgpBcWVFNjNzWThOMXVYcUxSZzN2Wm53OU5Eejh2c01GQXVyN1hSSk5ReThCSTlwRmJvUmZDakZHekdyaWVlL1J1CnB3K0xxQXpycHBkQyt5Zi9xRjV6NzY5c2JKWkdrb1JEUFdzb3hsSWRLZWtOQUJHUDBEaW4vYnhpZjJyaG9ObzgKYXNjdFZ6SitVSFY1T0NlSGd3MEZqSVYxWnlWZDU1U1k0d3pZV0gyTkhGTzdFMFNhVGNWTEZWNlNscndtRW90dgpKQkJRc1p0TE9GVnhPam9vVVB1WnFTTzluTGJ3QnUvbGlpeFZJNGZkTUswK1dHbU0xWjJzK3c3dEtDNVF3MDFJCjBSMzFBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFMU2R0VlVRa0RNUFA2czVqaVY1dm5FdUZkL1MKalVJNkdVZzI0dllFTG1CdHYyK1I2R3hNQUtySFRJZ3NJWS9NZUdua25XN2UrcE1YT2dCdUN1OG9KZ1JES1ZNSgpKMjFHcFduVi9OV2ZTVnFlYzd0dG1oZzVKMnFsZXpucGcwc0xMdFlzaC83NWtmYnZqSDVBSGFNV0JkS2ZyVy8zCk5DeVhsYms4blY2dnZHWDVXZnlXZXk0SGhrcWlsOVEvanJQbEp0QTI0djZLNk4rT3BDcS80UjhrN1docGJ0bUwKSm9XTnJ1RHZ3QkhYdHFRWmJFV3g3WDRqVFR6QytXUnZkbGtEOEt2MDVnWmgwQS9NT08yaWo5dk5xZnlLMWJ3VgpqTkJiWWM5ZEw3ZEUvRGJZMmpqRWRyTGRpQ0t2TXkvQU5QRHRmYWFJMDBHK2VoenRIK2VteTJqR1F4VT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdzJGR2o3M3pIMWlQZVJSUGczcklYeS9YZ2NheWdSMUJ2cWJXa2NaTFBVUTNCcjVECnM5V0ZyU1RMaktBTFpFU2tNV1lNcWJtQ1BFQ09kNEtyU1FLbmhPdDdHUERkYmw2aTBZTjcyWjhQVFE4L0w3REIKUUxxKzEwU1RVTXZBU1BhUlc2RVh3b3hSc3hxNG5udjBicWNQaTZnTTY2YVhRdnNuLzZoZWMrK3ZiR3lXUnBLRQpRejFyS01aU0hTbnBEUUFSajlBNHAvMjhZbjlxNGFEYVBHckhMVmN5ZmxCMWVUZ25oNE1OQll5RmRXY2xYZWVVCm1PTU0yRmg5alJ4VHV4TkVtazNGU3hWZWtwYThKaEtMYnlRUVVMR2JTemhWY1RvNktGRDdtYWtqdlp5MjhBYnYKNVlvc1ZTT0gzVEN0UGxocGpOV2RyUHNPN1NndVVNTk5TTkVkOVFJREFRQUJBb0lCQUJsMmF2aSt1NW1oTkFtRwprUnBFZlNxU2xKWndLOEZSNjhpSis3ckJ5ZnB4RW03Sml3ODd5NUVXRTRUL01wemRxVHhhM1ZtZE9KRGJwUFdFClRRaFYxVGtvYTBHRDJvZlF3NDFrZ2xhSk9UaEV2V3Bjc2NMYTA1WkFkS1o1OTFSSzlnU29DTzJzMWRUdXJaTFIKK3JnVkE1eWl5UlJKQUx1VStkQ0N3OVIrTHpHRTl3RnRYWjZhUEZMWVRsMVd3M3ZuazZBR3F5VVZEZUxURG9mZApjZW9oaFBLSUs1M2pHMUdpVVVLNU1tT1YxSDBLOUZyMmxIalR0WVg1aW1rSTNWdDFxcFNJc2RuQVpDVnJ6SGhsClJ5YWQ4K1c5S20rQytLNExmNko1VGRhZXBNY2VxMnE4MkFDUW4vMVk2YTR3c1BrcTY3TlZydEZ4U001b2JrOWoKOHFuNkJwMENnWUVBNE5PckJTbVRvemxpVFlnOERoL3ZwUXY3bTJrZjQvRjdlbHh5SkpTQjlqYXFGNXkvVTNGYgpBQzVZRlJmanRZZGFLWXRZZkpRN1g5Y0RUUkI4L1d1cWxObzhSYWRoazJ1S1grWXpkcXV1b1pLME1qWEM3YTBIClB3SllFTll5NUYyaGF3WWNvdEdSL2t5RlZJQ0RWbkRrZkgzOWFNU3IyK3VlWURLd0QzZmVqU2NDZ1lFQTNuaGcKMDNtemhrTC9KdmkwcEZNMTU0R2lPWEZWMUNFRTI2bE0vUzh4NDJVK1NrUk9kM1kwcGZRT0VqRDQ3Wk82aEExMQpQbllncXFXVlVmcTlxSHlUNEdQN20xSTZiNGZOa2V6cDJ1Ti9NRHBCbjd3QnU4ZktZbmRoaXk2QzRtQWw1dlBFCndLd0JDUVNMYUJ5TnRtdSthYjBCcjFCUUYwcEduUzFEaHNYZDVZTUNnWUFqSXJFOWMwdnhYRXh5bFhIZE96eDIKYkxMN2pLaEJOVUg0MDIyN0xjSkp1aTFHMTJaSEloWDRwMFY0dG0wTnQ0TnRycXM3Zk9ieWlXV29xNFQ5RGRCdwp4dEpZaUZvRmNlOEVJYk8xUGd0aWtNeThkQTVzbW5maGJ2cFlWMEZJMHlFZzJxbXJBRmx5aG43bnY5WEdzb25pCnNzWGhrNnJRQ2JpTWpCOWJxMzRLVFFLQmdRREhOQzBuVDNOVUJvdW9Ic3pKMDRTUi9yNy9CcC9lNlk0TER3YlUKTXIxT0s2cmlIMVhQbkhXNkg5VzFya3BIbVo5S2ZTNTl0cEs3bXJjaENBOXBYZHVmOG9jcVppL1RERndqaldzOQpSN1hzdmsxaXRac3J4Tk5RNWlyZTBNLzcyakkySWhNTW56ZnlGaktxRDk5SStDTXhWVCs3OW9Nd3g1NkJRVFdVCjZYb3U5d0tCZ1FDRDdpd2JtZ1FoZmlQN21NSzZvVTBhQktpSFRKZ1FMb21IeGJYZWl6alN6SER5YkpES1hYWGcKb3JRTjlrWFljNVc5YkNVV2VFMzF0VlFhYlRGaTh4SmRYQjFwZjNvQzFnTEJUYXJOTXRuaTJBZVk4dk1ZcldnKwp2Y1JINHNaeXV6NGRCK1pZK0lJV2dJNVE1NVlqbTJZZ2srcFlkVldabHdLaGd2ZVBIdThGSkE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo
Rahul Chandra:
vagrant@master-1:~$ curl <https://192.168.5.30:6443/api> -k
{
"kind": "APIVersions",
"versions": [
"v1"
],
"serverAddressByClientCIDRs": [
{
"clientCIDR": "0.0.0.0/0",
"serverAddress": "192.168.5.11:6443"
}
]
}
Rahul Chandra:
I am suspecting some issue while configuring the worker-2, analysing the steps I performed again