kubeadm init: failure loading apiserver certificate: the certificate is not valid yet #2703
Comments
|
I've got this here too. I even tried After running I'm not sure if this has significance or not edit: Boom. Here we go: |
|
I'm getting the same kubeadm error (unknown flag --ignore-preflight-errors) when trying to start kube 1.8.10 in minikube. I can start kube 1.8.0 with minikube 0.25.2, the highest 1.8.x that it supports. But I cannot start kube 1.8.10 with minikube 0.26.0 because the arg to kubeadm is not supported. When you look at the kubeadm command minikube is trying to run, in Jan 2018 it was changed from “--skip-preflight-checks” to a bunch of “--ignore-preflight-errors" args. The variable kubeadmInitTemplate in pkg/minikube/bootstrapper/kubeadm/templates.go is hard coded to use it regardless of what kube version you tell it to use. That appears to be a new 1.9.x and 1.10.x arg. The kubeadm downloaded for 1.8.x does not support the new arg, hence the error. The kubeadm downloaded for 1.9.x does, but something chokes when starting these things up, and it’s not clear to me on what. |
|
+1 I also got the same I was able to work around it temporarily by downgrading to minikube 0.25.2, thanks for the tip @mrballcb! |
|
Needs to be conditionalized for kubeadm 1.8, the old arg was deprecated in 1.9 that was why. #2403
|
|
Obviously storing the kubeadm log and testing the releases with 1.5.x, 1.6.x, 1.7.x, 1.8.x, 1.9.x, 1.10.x would also be good (although I guess at least some of those must be truly deprecated by now... ?) Localkube says it supports 1.3.x and up, but then again it has been deprecated itself - so what does it know. If I read the Kubernetes docs correctly, they say that 1.7.x and earlier are now end-of-life ? But not 1.8 |
|
Minikube v0.26 works fine on Ubuntu 16.04. This is not fair :( |
|
as workaround - I started minikube from this release https://github.com/kubernetes/minikube/releases/tag/v0.25.1 |
|
Minikube 0.26.0 cluster initialization still failing. My dependency is on k8s-v1.10 cluster. How soon can we expect new version release with few important fixes like #2721 Is anyone able to run Kubernetes cluster 1.10 with Minikube 0.26.0 ? |
|
Since Minikube version 0.26.0 I am getting this error too with "minikube start" on Windows 10 + VirtualBox 5.2.8 (latest). I have been sticking with 0.25.2. Related to this report I captured my details in issue #2818. |
|
I'll get same issue here: Go back to 0.25.1 works for me. Mac OS 1.12.6 |
|
+1 |
|
Still the same error on 0.27, Win 8.1 and Vbox 5.1; Going back to 0.25.2 as that's the last known good version for me. Why is minikube upgrade always so error prone :(.. Thankfully, its easy to create a new profile and test with that rather than muck with an existing working installation. |
|
I dont know if its related... But when i try to enable Audit : Start command: |
|
The same problem for me. I'm running minikube 0.28 and kubectl 1.10.3 on MacOS High Sierra 10.13.5 I used both commands:
and
This is the log file: Jun 25 19:24:08 minikube kubelet[2616]: F0625 19:24:08.210031 2616 server.go:233] failed to run Kubelet: unable to load bootstrap kubeconfig: stat /etc/kubernetes/bootstrap-kubelet.conf: no such file or directory |
tstromberg
changed the title
In January 2018, the parameter was changed. See: kubernetes/minikube#2703 Removes the error caused by: ``` Auditing=true|false (ALPHA - default=false)\n CoreDNS=true|false (default=true)\n DynamicKubeletConfig=true|false (BETA - default=false)\n -h, --help help for join\n --ignore-preflight-errors str ings A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.\n --node-name string Specify the node name.\n --tls-bootstrap-token string A token used for TLS bootstrapping.\n --token string Use this token for both discovery-token and tls-bootstrap-token.\n\nGlobal Flags:\n --rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.\n -v, --v Level log level for V logs\n\nerror: unknown flag: --skip-preflight-errors", "stderr_lines": ["Error: unknown flag: --skip-preflight-errors", "Usage:", " kubeadm joi n [flags]", "", "Flags:", " --apiserver-advertise-address string If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on.", " --apiserver-bind-port int32 If the node should host a new control plane instance, the port for the API Server to bind to. (default 6443)" , " --config string Path to kubeadm config file.", " --cri-socket string Specify the CRI socket to connect to. (default \"/var/run/dockershim.sock\")", " --discovery-file string A file or url from which to load cluster information.", " --discovery-token string A token used to validate cluster information fetched from the api server.", " --discovery-token-ca-cert-hash strings For token-based discovery, validate that the root CA public key matches this hash (format: \"<type>:<value>\").", " --discovery-token-unsafe-skip-ca-verification For token-based discovery, allow joining w ithout --discovery-token-ca-cert-hash pinning.", " --experimental-control-plane Create a new control plane instance on this node", " --feature-gates string A set of key=value pairs that describe feature gates for various features. Options are:", " Auditing=t rue|false (ALPHA - default=false)", " CoreDNS=true|false (default=true)", " DynamicKubeletConfig=true|false (BETA - default=false)", " -h, --help help for join", " --ignore-preflight-errors strings A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.", " --node-name string Specify the node name.", " --tls-bootstrap-token string A token used for TLS bootstrapping.", " --token string Use this token for both discovery-token and tls-bootstrap-token.", "", "Global Flags:", " --rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.", " -v, --v Level log level for V logs", "", "error: unknown flag: --skip-preflight-errors"], "stdout": "", "stdout_lines": []} to retry, use: --limit @/home/wikus/seafile/files/dev/linux/ansible-playbooks/kubeadm-ansible/site.retry ``` This PR changes is to the new parameter
In January 2018, the parameter was changed. See: kubernetes/minikube#2703 Removes the error caused by: ``` Auditing=true|false (ALPHA - default=false)\n CoreDNS=true|false (default=true)\n DynamicKubeletConfig=true|false (BETA - default=false)\n -h, --help help for join\n --ignore-preflight-errors str ings A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.\n --node-name string Specify the node name.\n --tls-bootstrap-token string A token used for TLS bootstrapping.\n --token string Use this token for both discovery-token and tls-bootstrap-token.\n\nGlobal Flags:\n --rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.\n -v, --v Level log level for V logs\n\nerror: unknown flag: --skip-preflight-errors", "stderr_lines": ["Error: unknown flag: --skip-preflight-errors", "Usage:", " kubeadm joi n [flags]", "", "Flags:", " --apiserver-advertise-address string If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on.", " --apiserver-bind-port int32 If the node should host a new control plane instance, the port for the API Server to bind to. (default 6443)" , " --config string Path to kubeadm config file.", " --cri-socket string Specify the CRI socket to connect to. (default \"/var/run/dockershim.sock\")", " --discovery-file string A file or url from which to load cluster information.", " --discovery-token string A token used to validate cluster information fetched from the api server.", " --discovery-token-ca-cert-hash strings For token-based discovery, validate that the root CA public key matches this hash (format: \"<type>:<value>\").", " --discovery-token-unsafe-skip-ca-verification For token-based discovery, allow joining w ithout --discovery-token-ca-cert-hash pinning.", " --experimental-control-plane Create a new control plane instance on this node", " --feature-gates string A set of key=value pairs that describe feature gates for various features. Options are:", " Auditing=t rue|false (ALPHA - default=false)", " CoreDNS=true|false (default=true)", " DynamicKubeletConfig=true|false (BETA - default=false)", " -h, --help help for join", " --ignore-preflight-errors strings A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.", " --node-name string Specify the node name.", " --tls-bootstrap-token string A token used for TLS bootstrapping.", " --token string Use this token for both discovery-token and tls-bootstrap-token.", "", "Global Flags:", " --rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.", " -v, --v Level log level for V logs", "", "error: unknown flag: --skip-preflight-errors"], "stdout": "", "stdout_lines": []} to retry, use: --limit @/home/wikus/seafile/files/dev/linux/ansible-playbooks/kubeadm-ansible/site.retry ``` This PR changes is to the new parameter
Is this a BUG REPORT or FEATURE REQUEST? (choose one):
BUG REPORT
Please provide the following details:
Environment:
Minikube version (use
minikube version): minikube version: v0.26.0cat ~/.minikube/machines/minikube/config.json | grep DriverName): virtualboxcat ~/.minikube/machines/minikube/config.json | grep -i ISOorminikube ssh cat /etc/VERSION): "Boot2DockerURL": "file:///Users/122462/.minikube/cache/iso/minikube-v0.26.0.iso",The above can be generated in one go with the following commands (can be copied and pasted directly into your terminal):
What happened:
Executed
minikube startWhat you expected to happen:
minikube successfully starts
How to reproduce it (as minimally and precisely as possible):
Execute
minikube startOutput of
minikube logs(if applicable): (not actually minikube log, I got this when executedminikube start)Anything else do we need to know: VirtualBox 5.2.8
The text was updated successfully, but these errors were encountered: