Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] "bad certificate" error - which dependency? #163

Closed
pwFoo opened this issue Mar 5, 2019 · 3 comments
Closed

[Question] "bad certificate" error - which dependency? #163

pwFoo opened this issue Mar 5, 2019 · 3 comments

Comments

@pwFoo
Copy link

pwFoo commented Mar 5, 2019

I tried to start k3s with an minimal and custom linux os. Looks like I missed an dependency because of the bad certificate error?

INFO[2019-03-05T21:56:43.935544567Z] Node token is available at /var/lib/rancher/k3s/server/node-token 
INFO[2019-03-05T21:56:43.938445642Z] To join node to cluster: k3s agent -s https://10.0.2.15:6443 -t ${NODE_TOKEN} 
DEBU[2019-03-05T21:56:44.020062662Z] 2019/03/05 21:56:44 http: TLS handshake error from 127.0.0.1:51502: remote error: tls: bad certificate 
INFO[2019-03-05T21:56:44.058142414Z] Wrote kubeconfig /etc/rancher/k3s/k3s.yaml   
INFO[2019-03-05T21:56:44.059641236Z] Run: k3s kubectl                             
INFO[2019-03-05T21:56:44.061035027Z] k3s is up and running                        
DEBU[2019-03-05T21:56:44.075399790Z] 2019/03/05 21:56:44 http: TLS handshake error from 127.0.0.1:51510: remote error: tls: bad certificate 
DEBU[2019-03-05T21:56:44.117059043Z] 2019/03/05 21:56:44 http: TLS handshake error from 127.0.0.1:51516: remote error: tls: bad certificate 
INFO[2019-03-05T21:56:44.182152409Z] Logging containerd to /var/lib/rancher/k3s/agent/containerd/containerd.log 
INFO[2019-03-05T21:56:44.184427732Z] Running containerd -c /var/lib/rancher/k3s/agent/etc/containerd/config.toml -a /run/k3s/containerd/containerd.sock --state /ru 
INFO[2019-03-05T21:56:44.190723546Z] Waiting for containerd startup: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection e 
containerd: exit status 1
@ibuildthecloud
Copy link
Contributor

bad certificate is not an actual error, that just happens during startup until a proper cert is generated. That is why it's printed at DEBUG level.

The most common cause of what you are seeing is that your hostname is not in your /etc/hosts file and bound to a local IP (example: 127.0.0.1). This requirement should be removed in the future, but we need to hack up containerd/kubelet a bit to remove it. To fix run

echo 127.0.1.1 $(hostname) >> /etc/hosts`

@pwFoo
Copy link
Author

pwFoo commented Mar 6, 2019

Fixes it with my normal linux distribution and forgot about that with my custum build... Have to test it.

@pwFoo
Copy link
Author

pwFoo commented Mar 6, 2019

Found it in containerd.log. Fixed by /etc/hosts entry. Thanks!

@pwFoo pwFoo closed this as completed Mar 6, 2019
@castironclay castironclay mentioned this issue Mar 1, 2020
Closed
@taoyouh taoyouh mentioned this issue Apr 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pwFoo @ibuildthecloud