Cannot start skydns

Question

I'm trying to install kubernetes on ubutnu (bare-metal installation). I install one master and one node and it looks fine. I installed the ui addon without a problem but when I tried to install the dns addon the pod restart itself continuously.

in kube-apiserver logs I get:

E1218 12:56:15.298118       5 handlers.go:37] Unable to authenticate the request due to an error: crypto/rsa: verification error
I1218 12:56:15.298220       5 handlers.go:131] GET /api/v1/services: (534.467µs) 401 [[kube2sky/v0.20.2 (linux/amd64) kubernetes/unknown] 172.27.35.39:33013]
E1218 12:56:15.298396       5 handlers.go:37] Unable to authenticate the request due to an error: crypto/rsa: verification error
I1218 12:56:15.298469       5 handlers.go:131] GET /api/v1/endpoints: (493.5µs) 401 [[kube2sky/v0.20.2 (linux/amd64) kubernetes/unknown] 172.27.35.39:33014]
I1218 12:56:16.001321       5 handlers.go:131] GET /healthz: (83.326µs) 0 [[Go 1.1 package http] 127.0.0.1:42096]
E1218 12:56:16.303274       5 handlers.go:37] Unable to authenticate the request due to an error: crypto/rsa: verification error
E1218 12:56:16.303274       5 handlers.go:37] Unable to authenticate the request due to an error: crypto/rsa: verification error

And in the kube2sky container log I get the following errors:

E1218 12:57:51.713651       1 reflector.go:136] Failed to list   *api.Service: the server has asked for the client to provide credentials (get services)
E1218 12:57:51.713850       1 reflector.go:136] Failed to list *api.Endpoints: the server has asked for the client to provide credentials (get endpoints)

looks to me like I have a problem with service account and token but I looked in the kube2sky instance and I see that I have a token in /tmp/secrets/kubernetes.io/serviceaccount directory and the ca.crt is the correct ca of the cluster

I am using: ubuntu 14.04 kubernetes 1.1.2 add I try to create the dns addon from the addon directory of kubernetes 1.1.2

Answer 1

I had this same problem after updating the certificate and key of the api-server. I fixed the DNS service after removing the secret:

# Search the secret name
kubectl get pod --namespace=kube-system -l k8s-app=kube-dns -o yaml | grep -A1 serviceaccount

# Delete the current secret
kubectl delete secret/<name-of-the-secret> --namespace=kube-system

I also need to restart the whole POD, don't know if there is a better approach:

kubectl delete svc/kube-dns rc/kube-dns-v9 --namespace=kube-system
kubectl create -f dns-addon.yaml