Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to provision Azure RKE cluster with cloud provider #16781

Closed
davidnuzik opened this issue Nov 29, 2018 · 2 comments
Closed

Unable to provision Azure RKE cluster with cloud provider #16781

davidnuzik opened this issue Nov 29, 2018 · 2 comments
Labels
area/cloud-provider kind/bug-qa Issues that have not yet hit a real release. Bugs introduced by a new feature or enhancement

Comments

@davidnuzik
Copy link
Contributor

davidnuzik commented Nov 29, 2018
edited

Version: master 2.2 (11/29/18)

What kind of request is this (question/bug/enhancement/feature request):
Bug

Steps to reproduce (least amount of steps as possible):

  • Create an Azure RKE, under cluster options, choose Azure for Cloud Provider. Make one node with etcd, ctrl plane, and worker.
  • Enter the necessary minimum requirements in the Azure Cloud section (aadClientId, aadClientSecret, subscriptionId, tenantId) and otherwise use default options.
  • Notice that after some time the healthcheck on the kube-apiserver will start and after some time an error will occur:
[controlPlane] Failed to bring up Control Plane: [Failed to verify healthcheck: Service [kube-apiserver] is not healthy on host [13.x.x.x]. Response code: [403], response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"forbidden: User \"kube-apiserver\" cannot get path \"/healthz\"","reason":"Forbidden","details":{},"code":403} , log: I1129 17:13:16.165013 1 storage_rbac.go:276] created rolebinding.rbac.authorization.k8s.io/system:controller:bootstrap-signer in kube-public]

Result:
The kube-apiserver container is unhealthy.
Is related to #16632 but this is a constant HTTP 403 (Forbidden) rather than http 500 in that error.

Other details that may be helpful:
Sometimes this error will occur even though node names are unique each time I tested:
Docker machine "david-azurerke-nodez1" already exists
And then the virtual machine will be deleted from Azure and a new one will be created. It may work this second time but still report the 403 forbidden error eventually.
The RKE will keep trying to restart the kube-apiserver to no avail.

This was tested and is working with v2.1.2 but failed at first when tested then worked eventually.

Environment information

  • Installation option (single install/HA):
    single rancher server, Azure RKE with Azure Cloud option

Log file for kube-apiserver
c62e32ca59cfee7e4248d880b22ccd4f35599bf8d0bd380301f440f3b0917c61-json.log
@davidnuzik davidnuzik added version/2.0 area/cloud-provider kind/bug-qa Issues that have not yet hit a real release. Bugs introduced by a new feature or enhancement labels Nov 29, 2018
@davidnuzik davidnuzik added this to the v2.2 milestone Nov 29, 2018
@davidnuzik
Copy link
Contributor Author

Is related to #16632 however this is a different error, HTTP 403 forbidden, rather than HTTP 500 in that issue FYI.

@bmdepesa bmdepesa changed the title Unable to provision Azure RKE with Azure cloud option Unable to provision Azure RKE cluster with cloud provider Nov 29, 2018
@davidnuzik davidnuzik mentioned this issue Dec 5, 2018
Closed
@davidnuzik
Copy link
Contributor Author

Closing issue, please refer to #16887 instead which is more specific and has narrowed down the issue.

@loganhz loganhz removed this from the v2.2 milestone Dec 18, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/cloud-provider kind/bug-qa Issues that have not yet hit a real release. Bugs introduced by a new feature or enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@loganhz @davidnuzik