Cockroach: Rancher 2.0 - CSR approved, but no certificate in response. Waiting some more

Created on 31 Jul 2018  路  6Comments  路  Source: cockroachdb/cockroach

It seems like something is missing in the kubernetes cluster created by rancher 2.0.
Everything works fine except the CSR approval, which ends up with an infinity loop of CSR approved, but no certificate in response. Waiting some more.

picture wzrdtales
1 👍1

Most helpful comment

The official description:
enable kubenertes controller manager's default certs signer
and
Modify Kubernetes services' default options using RKE

If you are using Kubernetes created by rancher2.0, steps are:

  1. Edit your cluster in rancher2.0

  2. Click "Edit as YAML" button and edit as the following:
    yaml services: kube-controller: extra_args: cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem" cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"

picture happyyangyuan on 12 Sep 2018
👍101

All 6 comments

Turns out it needs to be indeed configured first. Here is the issue telling how
https://github.com/rancher/rancher/issues/14041

wzrdtales picture wzrdtales on 31 Jul 2018
👍1

Could you pease describe how you solved this issue with more details? Thank you very much.

happyyangyuan picture happyyangyuan on 3 Aug 2018

Look at the issue over there rancher/rancher#14041, follow the instructions in this link
https://github.com/JasonvanBrackel/metrics-server-on-rancher-2.0.2

Add this to the config

    "kubeController": { 
        "type": "/v3/schemas/kubeControllerService",
        "extraArgs": {
        "cluster-signing-cert-file": "/etc/kubernetes/ssl/kube-ca.pem",
        "cluster-signing-key-file": "/etc/kubernetes/ssl/kube-ca-key.pem"
        }
    },
wzrdtales picture wzrdtales on 3 Aug 2018

Thanks very much. In rancher v2.0.3 and later version we can edit rancher cluster definition yaml file directly to achieve this. I will try out this.

happyyangyuan picture happyyangyuan on 5 Aug 2018

The official description:
enable kubenertes controller manager's default certs signer
and
Modify Kubernetes services' default options using RKE

If you are using Kubernetes created by rancher2.0, steps are:

  1. Edit your cluster in rancher2.0

  2. Click "Edit as YAML" button and edit as the following:
    yaml services: kube-controller: extra_args: cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem" cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"

happyyangyuan picture happyyangyuan on 12 Sep 2018
👍101

@happyyangyuan thanks solved

smilelikeshit picture smilelikeshit on 8 Sep 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

xudongzheng picture xudongzheng  路  3Comments
magaldima picture magaldima  路  3Comments
couchand picture couchand  路  3Comments
danhhz picture danhhz  路  3Comments
tim-o picture tim-o  路  3Comments