I am trying to setup Kubernetes for the first time. I am following the Fedora Manual installation guide: http://kubernetes.io/v1.0/docs/getting-started-guides/fedora/fedora_manual_config.html
I checked the logs of my API server and am getting this error:
server.go:464] Unable to listen for secure (open /var/run/kubernetes/apiserver.crt: no such file or directory); will try again.
I assume it needs some sort of cert but the installation guide doesnt mention anything about this. Here is what my apiserver config file looks like
# The address on the local server to listen to.
KUBE_API_ADDRESS="--address=0.0.0.0"
# The port on the local server to listen on.
KUBE_API_PORT="--port=8080"
# Port node listen on
KUBELET_PORT="--kubelet_port=10250"
# Location of the etcd cluster
#KUBE_ETCD_SERVERS="--etcd_servers=http://vagrant-master:4001"
KUBE_ETCD_SERVERS="--etcd_servers=http://127.0.0.1:4001"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
# default admission control policies
KUBE_ADMISSION_CONTROL="--admission_control=NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
# Add your own!
KUBE_API_ARGS="--service_account_key_file=/etc/kubernetes/certs/serviceaccount.key"
Here is my service status
kube-apiserver.service - Kubernetes API Server
Loaded: loaded (/usr/lib/systemd/system/kube-apiserver.service; enabled)
Active: active (running) since Mon 2015-08-24 15:03:07 UTC; 5min ago
Docs: https://github.com/GoogleCloudPlatform/kubernetes
Main PID: 13663 (kube-apiserver)
CGroup: /system.slice/kube-apiserver.service
└─13663 /usr/bin/kube-apiserver --logtostderr=true --v=0 --etcd_servers=http://127.0.0.1:4001 --address=0.0.0.0 --port=8080 --kubelet_port=10250 --allow_privileged=false --service-cluster-ip-range=10.254.0.0/16 --admission_control=NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota --service_account_key_file=/etc/kubernetes/certs/serviceaccount.key
How can i fix this error?
There are cases where the Kubelet did stop the kube-apiserver container but did not start it again. You can force it to do so with systemctl restart kubelet. service . That should attempt to start kube-apiserver and log an error at journalctl if it failed.
Specific API versions can be turned on or off by passing --runtime-config=api/<version> as a command line argument to the API server. The values for this argument are a comma-separated list of API versions.
If you would like to query the API without an official client library, you can run kubectl proxy as the command of a new sidecar container in the Pod. This way, kubectl proxy will authenticate to the API and expose it on the localhost interface of the Pod, so that other containers in the Pod can use it directly.
By default, the kube-apiserver process tries to open a secure (https) server port on port 6443 using credentials from the directory /var/run/kubernetes
. If you want to disable the secure port, you can pass --secure-port=0
which should make your error go away. Alternatively, you can manually create certificates for your cluster so that the process is able to successfully open the secure port.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With