[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Failure when adding node - Approve node certificates when bootstrapping



Michael,

On 26.06.2019 22:57, Michael Gugino wrote:

If there are no pending CSRs, then either the kubelet did not start on
the node, or the node does not have network access to the master to
request a CSR.

When the kubelet first starts, it requests a CSR for it's client cert.
That cert needs to be approved before the node can join the cluster.
After the node joins the cluster, it will issue a CSR for it's
server-side cert.  This cert is necessary for connecting to the node
for reading logs from pods.  This second CSR may report as failed if
the master is not able to successfully verify it can read the node's
server port.

Thank you for these explanations.

Meanwhile I reinstalled the node and tried again, this time everything
went smooth and I was able to add the node to the cluster.

I am pretty sure that the node had network access to the master: I just
added the masters SSH key to the node and was able to
	"ssh root os-node2 uname -a"
from the master.

Just for reference: the other possibility you mentioned was that the
kubelet did not start on the node. How would I check for that if the
problem occurs again?

Kind regards,
Robert


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]