Currently, there is no rotation for expired client certificates for admin, controller-manager and scheduler (kubeconfig).
This can generate errors such as the following, and tenant clusters may not work as expected.
```
ERROR soot_default_kamajicontrolplane-0720.kube_proxy resource process failed {"resource": "kube-proxy", "error": "Unauthorized"}
github.com/clastix/kamaji/controllers/soot/controllers.(*KubeProxy).Reconcile
	/workspace/controllers/soot/controllers/kubeproxy.go:52
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:122
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:323
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:274
```

```
2023-08-02T07:08:40Z ERROR soot_default_kamajicontrolplane-0720 kubeadm function failed {"controller": "secret", "controllerGroup": "", "controllerKind": "Secret", "Secret": {"name":"bootstrap-token-0x54o6","namespace":"kube-system"}, "namespace": "kube-system", "name": "bootstrap-token-0x54o6", "reconcileID": "10b9f13b-1875-4385-a477-2391eb3bf22f", "resource": "PhaseBootstrapToken", "phase": "PhaseBootstrapToken", "error": "error updating or creating token: timed out waiting for the condition", "errorVerbose": "timed out waiting for the condition\nerror updating or creating token\ngithub.com/clastix/kamaji/internal/kubeadm.BootstrapToken\n\t/workspace/internal/kubeadm/bootstraptoken.go:23\ngithub.com/clastix/kamaji/internal/resources.(*KubeadmPhase).GetKubeadmFunction.func1\n\t/workspace/internal/resources/kubeadm_phases.go:120\ngithub.com/clastix/kamaji/internal/resources.KubeadmPhaseCreate\n\t/workspace/internal/resources/kubeadm_utils.go:151\ngithub.com/clastix/kamaji/internal/resources.(*KubeadmPhase).CreateOrUpdate\n\t/workspace/internal/resources/kubeadm_phases.go:190\ngithub.com/clastix/kamaji/internal/resources.createOrUpdate\n\t/workspace/internal/resources/resource.go:92\ngithub.com/clastix/kamaji/internal/resources.Handle\n\t/workspace/internal/resources/resource.go:67\ngithub.com/clastix/kamaji/controllers/soot/controllers.(*KubeadmPhase).Reconcile\n\t/workspace/controllers/soot/controllers/kubeadm_phase.go:40\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:122\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:323\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:274\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:235\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1594"}
```

```
error: You must be logged in to the server (Unauthorized)
```
To produce this situation, we can create a certificate that will expire within 5 ~ 10 minutes and replace the previous one with it.
```
kubeadm kubeconfig user --config example.yaml --client-name kubernetes-admin --org system:masters --validity-period 10m
```
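An expiry check of the kind a rotation mechanism would rely on, as an added example that is not part of the original issue and is not Kamaji's code: it decodes a kubeconfig `client-certificate-data` value and reports whether the certificate's `NotAfter` falls within a rotation threshold. The names `NeedsRotation` and `SampleCertData` and the one-hour threshold are assumptions; the sample certificate is constructed in-process with the subject and 10-minute validity used in the command above.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// NeedsRotation (hypothetical helper) decodes a kubeconfig client-certificate-data value and reports whether it expires within threshold of now.
func NeedsRotation(certData string, now time.Time, threshold time.Duration) (bool, error) {
	raw, err := base64.StdEncoding.DecodeString(certData)
	if err != nil {
		return false, fmt.Errorf("decode client-certificate-data: %w", err)
	}
	block, _ := pem.Decode(raw)
	if block == nil || block.Type != "CERTIFICATE" {
		return false, fmt.Errorf("no PEM CERTIFICATE block in client-certificate-data")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, fmt.Errorf("parse client certificate: %w", err)
	}
	return !now.Add(threshold).Before(cert.NotAfter), nil // true once NotAfter <= now+threshold
}

// SampleCertData returns a constructed self-signed client certificate, base64(PEM) as a kubeconfig stores it (sample input only).
func SampleCertData(notBefore time.Time, validity time.Duration) string {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // sample construction only
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notBefore.Add(validity),
		Subject:     pkix.Name{CommonName: "kubernetes-admin", Organization: []string{"system:masters"}},
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err) // sample construction only
	}
	return base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

func main() { fmt.Println(NeedsRotation(SampleCertData(time.Now(), 10*time.Minute), time.Now(), time.Hour)) }
```

A threshold of zero turns the same function into a plain "already expired" check, which is the state that produces the `Unauthorized` errors shown in the logs.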
prometherion