Cannot create Shoot with K8s version 1.17 when the `DisableGardenerServiceAccountCreation` is enabled
ialidzhikov opened this issue · comments
How to categorize this issue?
/area control-plane
/kind bug
/platform gcp
What happened:
Cannot create Shoot with K8s version 1.17 when the DisableGardenerServiceAccountCreation feature gate is enabled.
What you expected to happen:
To be able to create Shoot with K8s version 1.17 even when the DisableGardenerServiceAccountCreation feature gate is enabled.
Or alternatively to be properly documented that the DisableGardenerServiceAccountCreation feature gate does not support Shoots with K8s version 1.17.
How to reproduce it (as minimally and precisely as possible):
-
Enable
DisableGardenerServiceAccountCreation -
Create Shoot with K8s version 1.17.17
-
Make sure that the creation fails with:
lastErrors:
- description: >-
task "Waiting until shoot worker nodes have been reconciled" failed:
Error while waiting for Worker shoot--foo--testy/testy to become
ready: error during reconciliation: Error reconciling worker: Failed
while waiting for all machine deployments to be ready: machine(s)
failed: 1 error occurred:
"shoot--foo--testy-worker-rmv0g-z1-8499c-v762l": Machine
shoot--foo--testy-worker-rmv0g-z1-8499c-v762l failed to join the
cluster in 20m0s minutes.
taskID: Waiting until shoot worker nodes have been reconciled
lastUpdateTime: '2022-08-21T13:15:26Z'kubelet reports the following error logs:
Aug 21 12:55:08 shoot--foo--testy-worker-rmv0g-z1-8499c-v762l kubelet[4257]: E0821 12:55:08.851823 4257 gce.go:909] error fetching initial token: metadata: GCE metadata "instance/service-accounts/default/token" not defined
Aug 21 12:55:09 shoot--foo--testy-worker-rmv0g-z1-8499c-v762l kubelet[4257]: E0821 12:55:09.853381 4257 gce.go:909] error fetching initial token: metadata: GCE metadata "instance/service-accounts/default/token" not defined
Aug 21 12:55:11 shoot--foo--testy-worker-rmv0g-z1-8499c-v762l kubelet[4257]: E0821 12:55:11.255111 4257 gce.go:909] error fetching initial token: metadata: GCE metadata "instance/service-accounts/default/token" not defined
Aug 21 12:55:13 shoot--foo--testy-worker-rmv0g-z1-8499c-v762l kubelet[4257]: E0821 12:55:13.216819 4257 gce.go:909] error fetching initial token: metadata: GCE metadata "instance/service-accounts/default/token" not defined
Aug 21 12:55:15 shoot--foo--testy-worker-rmv0g-z1-8499c-v762l kubelet[4257]: E0821 12:55:15.962469 4257 gce.go:909] error fetching initial token: metadata: GCE metadata "instance/service-accounts/default/token" not defined
Aug 21 12:55:19 shoot--foo--testy-worker-rmv0g-z1-8499c-v762l kubelet[4257]: E0821 12:55:19.805588 4257 gce.go:909] error fetching initial token: metadata: GCE metadata "instance/service-accounts/default/token" not defined
Aug 21 12:55:25 shoot--foo--testy-worker-rmv0g-z1-8499c-v762l kubelet[4257]: E0821 12:55:25.185493 4257 gce.go:909] error fetching initial token: metadata: GCE metadata "instance/service-accounts/default/token" not defined
Aug 21 12:55:32 shoot--foo--testy-worker-rmv0g-z1-8499c-v762l kubelet[4257]: E0821 12:55:32.716895 4257 gce.go:909] error fetching initial token: metadata: GCE metadata "instance/service-accounts/default/token" not defined
Aug 21 12:55:43 shoot--foo--testy-worker-rmv0g-z1-8499c-v762l kubelet[4257]: E0821 12:55:43.259884 4257 gce.go:909] error fetching initial token: metadata: GCE metadata "instance/service-accounts/default/token" not defined
Anything else we need to know?:
Environment:
- Gardener version (if relevant):
- Extension version: v1.24.0
- Kubernetes version (use
kubectl version): - Cloud provider or hardware configuration:
- Others:
Gardener no longer support shoot clusters with k8s version 1.17, just 1.20 or newer, ref. From this point of view, I think this issue will not be fixed and can close it?
/close as Gardener no longer support shoot clusters with k8s version 1.17
Thank you @vpnachev