[Bug]: Lab_08: Bootstrapping the Kubernetes Control Plane: Server URL is incorrect in kube-scheduler.kubeconfig

Question

[Bug]: Lab_08: Bootstrapping the Kubernetes Control Plane: Server URL is incorrect in kube-scheduler.kubeconfig

lethanhson9901 opened this issue 6 months ago · comments

lethanhson9901 commented 6 months ago

Your Workstation

Ubuntu, 16 GB RAM, 8 core i7 CPU

What happened?

I followed your instruction file. But when the last check command: ./cert_verify.sh. I got this output:

vagrant@master-1:~$ ./cert_verify.sh 3
ca cert found, verifying the authenticity
ca cert is correct
etcd-server cert and key found, verifying the authenticity
etcd-server cert and key are correct
ca cert and key found, verifying the authenticity
ca cert and key are correct
kube-apiserver cert and key found, verifying the authenticity
kube-apiserver cert and key are correct
kube-controller-manager cert and key found, verifying the authenticity
kube-controller-manager cert and key are correct
kube-scheduler cert and key found, verifying the authenticity
kube-scheduler cert and key are correct
service-account cert and key found, verifying the authenticity
service-account cert and key are correct
apiserver-kubelet-client cert and key found, verifying the authenticity
apiserver-kubelet-client cert and key are correct
etcd-server cert and key found, verifying the authenticity
etcd-server cert and key are correct
Checking /var/lib/kubernetes/kube-controller-manager.kubeconfig
/var/lib/kubernetes/kube-controller-manager.kubeconfig found
Path to CA certificate is correct
Path to client certificate is correct
Path to client key is correct
Server URL is correct
Checking /var/lib/kubernetes/kube-scheduler.kubeconfig
/var/lib/kubernetes/kube-scheduler.kubeconfig found
Path to CA certificate is correct
Path to client certificate is correct
Path to client key is correct
Server URL  is incorrect

I also check kube-scheduler.kubeconfig file, which was generated in lab05, but I dont know how to fix that bug:

vagrant@master-1:~$ cat /var/lib/kubernetes/kube-scheduler.kubeconfig
apiVersion: v1
clusters: null
contexts:
- context:
    cluster: kubernetes-the-hard-way
    user: system:kube-scheduler
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: system:kube-scheduler
  user:
    client-certificate: /var/lib/kubernetes/pki/kube-scheduler.crt
    client-key: /var/lib/kubernetes/pki/kube-scheduler.key

Please help me, thanks!

Relevant log output

No response

lethanhson9901 · Answer 1 · Mon Dec 04 2023 12:33:50 GMT+0800 (China Standard Time)

I also debug:

Because api server is https://127.0.0.1:6443/. And ChatGPT hint that:
The value for <KUBERNETES_API_SERVER_ENDPOINT> in the kube-scheduler configuration depends on where your kube-scheduler is running in relation to the Kubernetes API server. Here are the typical scenarios:
1. If the kube-scheduler is running on the same machine as the Kubernetes API server: You can use 127.0.0.1:6443. This local loopback address assumes that the kube-scheduler and the API server are on the same node, and it will connect to the API server on the local machine.
2. If the kube-scheduler is running on a different machine than the Kubernetes API server: You should use the actual IP address or DNS name of the Kubernetes API server, like https://192.168.56.11:6443. This ensures that the kube-scheduler can reach the API server over the network.
In most Kubernetes setups, especially in production or multi-node environments, the kube-scheduler is not typically on the same machine as the API server. In such cases, you need to use the actual network address. However, in single-node setups or for certain testing scenarios, it might be on the same node, and using 127.0.0.1:6443 would be appropriate.

Which IP should I choose: 127.0.0.1 or INTERNAL_IP (like: 192.168.56.11).

# INTERNAL_IP=$(ip addr show enp0s8 | grep "inet " | awk '{print $2}' | cut -d / -f 1)
LOCAL_IP="127.0.0.1"
cat <<EOF | sudo tee /var/lib/kubernetes/kube-scheduler.kubeconfig
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /var/lib/kubernetes/pki/ca.crt
    server: https://${LOCAL_IP}:6443
  name: kubernetes-the-hard-way
contexts:
- context:
    cluster: kubernetes-the-hard-way
    user: system:kube-scheduler
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: system:kube-scheduler
  user:
    client-certificate: /var/lib/kubernetes/pki/kube-scheduler.crt
    client-key: /var/lib/kubernetes/pki/kube-scheduler.key
EOF

Alistair Mackay · Answer 2 · Tue Dec 05 2023 02:50:04 GMT+0800 (China Standard Time)

In this lab the scheduler is running on the same host as the API server. The kube-scheduler.kubeconfig is created in step 5 and will use 127.0.0.1:6443.

I also check kube-scheduler.kubeconfig file, which was generated in lab05, but I dont know how to fix that bug:

From what you pasted below that comment, it looks like you did not run the following during lab05

  kubectl config set-cluster kubernetes-the-hard-way \
    --certificate-authority=/var/lib/kubernetes/pki/ca.crt \
    --server=https://127.0.0.1:6443 \
    --kubeconfig=kube-scheduler.kubeconfig

Please

Don't trust ChatGPT as a source of truth
Do follow the instructions in this lab to the letter. If you miss any step, no matter how small, things will not work.

lethanhson9901 · Answer 3 · Tue Dec 19 2023 12:03:55 GMT+0800 (China Standard Time)

I've solved this, thank you so much !