[kubernetes-users] kops + kubefed does not result in a working federation

Wed, 08 Feb 2017 10:48:32 -0800 

I have a utility cluster ("cloudops"), created with kops, that I use for a 
bunch of non-customer facing, DevOps-y workloads. I decided to give 
Federation a shot for my customer-facing clusters.

So, I created two kubernetes clusters ("appo" and "cody") in AWS with 
`kops` with the following commands:

    kops create cluster --name cody.us-east-1e.derr.me --zones us-east-1e 
--vpc vpc-7a3c5d1d --dns-zone us-east-1e.derr.me --network-cidr 
10.10.0.0/16 --topology private --networking calico --ssh-public-key 
~/.ssh/id_rsa.pub
    kops create cluster --name appo.us-east-1e.derr.me --zones us-east-1e 
--vpc vpc-7a3c5d1d --dns-zone us-east-1e.derr.me --network-cidr 
10.10.0.0/16 --topology private --networking calico --ssh-public-key 
~/.ssh/id_rsa.pub

The only change I made with `kops edit` was to ensure they had AWS VPC 
subnets that do not conflict with one another.

I then started a federated control plane:

    kubefed init troopers 
--host-cluster-context=cloudops.us-east-1e.derr.me 
--dns-provider=aws-route53 --dns-zone-name=fed.derr.me

and then added these two clusters to this federated control plane:

    kubefed join cody --host-cluster-context=troopers 
--cluster-context=cody.us-east-1d.derr.me
    kubefed join appo --host-cluster-context=troopers 
--cluster-context=appo.us-east-1e.derr.me

>From this point, the federated API server will just throw endless TLS 
errors and federation never begins.

    I0208 16:32:40.007161       1 logs.go:41] http: TLS handshake error 
from 10.10.55.2:37510: EOF
    I0208 16:32:40.007730       1 logs.go:41] http: TLS handshake error 
from 100.78.245.128:48267: EOF
    I0208 16:32:40.007944       1 logs.go:41] http: TLS handshake error 
from 100.123.106.0:53971: EOF
    I0208 16:32:40.008085       1 logs.go:41] http: TLS handshake error 
from 100.76.57.192:58049: EOF
    I0208 16:32:40.008224       1 logs.go:41] http: TLS handshake error 
from 100.110.103.8:21103: EOF
    I0208 16:32:40.008362       1 logs.go:41] http: TLS handshake error 
from 100.97.177.64:53690: EOF
    I0208 16:32:40.008621       1 logs.go:41] http: TLS handshake error 
from 100.120.95.192:58706: EOF

What am I missing here? 

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
  • [kubernetes-u... Jeremy Derr
    • [kuberne... 'Madhusudan C.S.' via Kubernetes user discussion and Q&A
      • Re: ... Jeremy Derr
        • ... 'Madhusudan C.S.' via Kubernetes user discussion and Q&A

Reply via email to