I have a utility cluster ("cloudops"), created with kops, that I use for a bunch of non-customer facing, DevOps-y workloads. I decided to give Federation a shot for my customer-facing clusters.
So, I created two kubernetes clusters ("appo" and "cody") in AWS with `kops` with the following commands: kops create cluster --name cody.us-east-1e.derr.me --zones us-east-1e --vpc vpc-7a3c5d1d --dns-zone us-east-1e.derr.me --network-cidr 10.10.0.0/16 --topology private --networking calico --ssh-public-key ~/.ssh/id_rsa.pub kops create cluster --name appo.us-east-1e.derr.me --zones us-east-1e --vpc vpc-7a3c5d1d --dns-zone us-east-1e.derr.me --network-cidr 10.10.0.0/16 --topology private --networking calico --ssh-public-key ~/.ssh/id_rsa.pub The only change I made with `kops edit` was to ensure they had AWS VPC subnets that do not conflict with one another. I then started a federated control plane: kubefed init troopers --host-cluster-context=cloudops.us-east-1e.derr.me --dns-provider=aws-route53 --dns-zone-name=fed.derr.me and then added these two clusters to this federated control plane: kubefed join cody --host-cluster-context=troopers --cluster-context=cody.us-east-1d.derr.me kubefed join appo --host-cluster-context=troopers --cluster-context=appo.us-east-1e.derr.me >From this point, the federated API server will just throw endless TLS errors and federation never begins. I0208 16:32:40.007161 1 logs.go:41] http: TLS handshake error from 10.10.55.2:37510: EOF I0208 16:32:40.007730 1 logs.go:41] http: TLS handshake error from 100.78.245.128:48267: EOF I0208 16:32:40.007944 1 logs.go:41] http: TLS handshake error from 100.123.106.0:53971: EOF I0208 16:32:40.008085 1 logs.go:41] http: TLS handshake error from 100.76.57.192:58049: EOF I0208 16:32:40.008224 1 logs.go:41] http: TLS handshake error from 100.110.103.8:21103: EOF I0208 16:32:40.008362 1 logs.go:41] http: TLS handshake error from 100.97.177.64:53690: EOF I0208 16:32:40.008621 1 logs.go:41] http: TLS handshake error from 100.120.95.192:58706: EOF What am I missing here? -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.