English
« Back to projectatomic.io
Ask Your Question
0

Missing apiserver.crt - Unable to listen for secure

asked 2015-02-24 15:00:32 +0000

pwFoo gravatar image

updated 2015-02-25 13:48:49 +0000

kube-apiserver doesn't work. apiseerver.crt is missing and kube-controller forever is waiting for completion of an operation.

Feb 24 14:53:21 atomic01 kube-apiserver[619]: E0224 14:53:21.971924     619 apiserver.go:269] Unable to listen for secure (open /var/run/kubernetes/apiserver.crt: no such file or directory); will try again.
Feb 24 14:53:23 atomic01 kube-controller-manager[618]: I0224 14:53:23.144724     618 restclient.go:146] Waiting for completion of operation 1
Feb 24 14:53:25 atomic01 kube-controller-manager[618]: I0224 14:53:25.146230     618 restclient.go:146] Waiting for completion of operation 1

Any idea how to fix it?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-02-24 17:45:30 +0000

updated 2015-02-25 15:24:24 +0000

What does KUBEAPIADDRESS and KUBE_MASTER look like in your /etc/kubernetes/apiserver? I see that error as well as the apiserver is trying to create a self-signed cert to listen on 8443, but it's also listening on 0.0.0.0:8080 without SSL.

I've got KUBE_MASTER set to use <localip>:8080. That variable (from the comment in the config file) is where the controller looks for the apiserver.</localip>

[Edit to try to preserve formatting] Add the following as /etc/systemd/system/kube-apiserver.service.d/10-varrun-build.conf and see if that helps:

[Service]
# Run ExecStartPre with root-permissions
PermissionsStartOnly=true
ExecStartPre=-/usr/bin/mkdir /var/run/kubernetes
ExecStartPre=/usr/bin/chown -R kube:kube /var/run/kubernetes/

then do a systemctl daemon-reload and restart the service.

This will create the /var/run structure and allow the apiserver to create the crt/key, but I think there's something else happening on your system. I see those errors in my apiserver logs, but don't have any daemons crashing.

edit flag offensive delete link more

Comments

Haven't changed anything there. Some services seems to be crashed after atomic upgrade (devicemapper, apiserver, ...). Here the config file: ### # kubernetes system config # # The following values are used to configure the kube-apiserver # # The address on the local server to listen to. KUBE_API_ADDRESS="--address=127.0.0.1" # The port on the local server to listen on. KUBE_API_PORT="--port=8080" # How the replication controller and scheduler find the kube-apiserver KUBE_MASTER="--master=127.0.0.1:8080" # Port minions listen on KUBELET_PORT="--kubelet_port=10250" # Address range to use for services KUBE_SERVICE_ADDRESSES="--portal_net=10.254.0.0/16" # Add you own! KUBE_API_ARGS=""

pwFoo ( 2015-02-25 13:43:55 +0000 )edit

comment not formatted... I post again the two lines only... KUBE_API_ADDRESS="--address=127.0.0.1" KUBE_MASTER="--master=127.0.0.1:8080"

pwFoo ( 2015-02-25 13:47:06 +0000 )edit

Edited my previous answer to provide an update, this box is too small and won't format properly.

nzwulfin ( 2015-02-25 15:25:21 +0000 )edit

Maybe I should reinstall Fedora Atomic because after some updates it doesn't work at all (devicemapper and docker is fixed, but apiserver doesn't work at the moment) ...

pwFoo ( 2015-02-26 12:45:36 +0000 )edit

Added a service which creates the /var/run/ directory at boot time. After booting there is a apiserver.crt and apiserver.key, but there are still "waiting for completion of operation" at journal. See issue: http://ask.projectatomic.io/en/question/208/i-there-a-kubernetes-dependency-with-cloud-init/

pwFoo ( 2015-03-12 10:07:23 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]

Question Tools

Follow
1 follower

Stats

Asked: 2015-02-24 15:00:32 +0000

Seen: 4,532 times

Last updated: Feb 25 '15