Hardway kubernetes bootstrap TLS worker didnt executed CSR

c.bayona · February 13, 2022, 8:56pm

have this error on worker2 after executing the lecture 22 bootstrap.go:239] Failed to connect to apiserver: the server has asked for the client to provide credentials. Also de kubelet service is active but without having access to apiserver because is asking to credentials.

Ayman · March 28, 2022, 11:14pm

Hello c.bayona,

the problem was that somehow context was changed. Checked it by

kubectl config current-context

and then changed it back to the correct one by

kubectl config use-context <Context-name>

Thanks,
KodeKloud Support

jibran_online · April 13, 2022, 4:26am

I am having the same issue. I don’t understand what you mean. Can you elaborate the answer.

vagrant@worker-2:~$ sudo systemctl status kubelet
● kubelet.service - Kubernetes Kubelet
Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-04-13 04:26:43 UTC; 14s ago
Docs: GitHub - kubernetes/kubernetes: Production-Grade Container Scheduling and Management
Main PID: 4680 (kubelet)
Tasks: 8 (limit: 545)
CGroup: /system.slice/kubelet.service
└─4680 /usr/local/bin/kubelet --bootstrap-kubeconfig=/var/lib/kubelet/bootstrap-kubeconfig --config=/var/lib/kubele

Apr 13 04:26:43 worker-2 kubelet[4680]: I0413 04:26:43.754850 4680 server.go:523] No cloud provider specified: “” from the
Apr 13 04:26:43 worker-2 kubelet[4680]: I0413 04:26:43.755042 4680 bootstrap.go:65] Using bootstrap kubeconfig to generate
Apr 13 04:26:43 worker-2 kubelet[4680]: I0413 04:26:43.757160 4680 bootstrap.go:96] No valid private key and/or certificate

Tej_Singh_Rana · April 14, 2022, 4:17am

Hello @jibran_online
Please check out k8s hardway series in our KK YT channel.

Regards,
KodeKloud Support

jeremy.english · September 9, 2022, 11:29am

I had this problem when when setting up tls. I didn’t update the expiration date in the bootstrap-token-07401b.yaml file. Here are the steps to fix it if that happens to you:

on master-1 update the expiration date in bootstrap-token-07401b.yaml
check to see if the secret already exist on the cluster kubectl get secrets -n kube-system
if it does remove it kubectl delete secrets bootstrap-token-07401b -n kube-system
reapply the yaml kubectl create -f bootstrap-token-07401b.yaml
on worker-2 restart the service sudo systemctl restart kubelet kube-proxy
on worker-2 verify the status sudo systemctl status kubelet kube-proxy

Ayman · September 23, 2022, 4:36am

Hello @jeremy.english,
Thanks for sharing!