Gen Certs Does Not Work With Multi-master #234
Comments
Could you please share your inventory?
They are not in the kube-node group. Seems like that would allow scheduling of pods to my master nodes, which I'd rather not do. The architecture I've been working with thus far has been 3 controllers (also hosting etcd) and 3 worker nodes. Here's a sample inventory.
Ok, I will do some tests with your inventory. Thank you :)
Hi @rsmitty, please confirm that the change fixes your issue.
Confirmed working for me. Awesome awesome awesome! Thank you.
Okay, last issue I encountered. It seems that the gen_certs.yml file does not work as expected when deploying with multiple masters. The first three tasks, `copy tokens generation script`, `generate tokens for master components`, and `generate tokens for node components` all seemed to fail for me. This is because of some combination of the `run_once` directive and the `inventory_hostname == groups['kube-master'][0]` filter. It seems that the first inventory_hostname is not groups['kube-master'][0], and since the run_once is defined, it only tries that one host. Commenting out run_once works, but I don't think it's a good fix. Need to do some digging on how we can always target the first master in combination with the run_once. More digging to do in that regard.
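The interaction described in the issue, as an added example that is not the project's gen_certs.yml or the fix that was merged: Ansible evaluates `when` for a `run_once` task only against the first host of the play, so the task is skipped for every host if that host is not the first master. The inventory layout, the play target and the `hostname` command standing in for the token script are assumptions made for illustration.

```yaml
# Added example. Constructed inventory (workers listed before masters):
#   [kube-node]    node1 node2 node3
#   [kube-master]  master1 master2 master3
- hosts: all
  gather_facts: false
  tasks:
    # Fragile form: run_once selects the first host in the play (node1 with
    # the inventory above). The `when` test is evaluated for that host only,
    # comes out false, and the task is skipped for the whole play, so no
    # tokens or certificates are generated anywhere.
    - name: generate tokens (skipped unless first play host is first master)
      command: hostname        # placeholder for the token generation script
      run_once: true
      when: inventory_hostname == groups['kube-master'][0]

    # Robust form: keep run_once, drop the hostname filter, and delegate the
    # execution to the first master. The task runs exactly once, on master1,
    # regardless of which host happens to be first in the play.
    - name: generate tokens (always executed on the first master)
      command: hostname        # placeholder for the token generation script
      run_once: true
      delegate_to: "{{ groups['kube-master'][0] }}"
      register: token_run

    # Caveat: inside a delegated task, inventory_hostname and host variables
    # still belong to the original play host (node1), not to master1. The
    # registered stdout shows where the command really executed.
    - name: show which machine generated the tokens
      debug:
        msg: "tokens generated on {{ token_run.stdout }}"
      run_once: true
```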