The federation pods start and stay running. The connection to the federated clusters never succeeds, instead throwing the TLS errors I quote.
The net result is that if I submit an object (say, a namespace) to the federated control plane, it never propagates to the federated clusters.

On Thu, Feb 9, 2017 at 3:10 AM 'Madhusudan C.S.' via Kubernetes user discussion and Q&A <kubernetes-users@googlegroups.com> wrote:

> On Wednesday, February 8, 2017 at 10:48:13 AM UTC-8, Jeremy Derr wrote:
>
> I have a utility cluster ("cloudops"), created with kops, that I use for a bunch of non-customer facing, DevOps-y workloads. I decided to give Federation a shot for my customer-facing clusters.
>
> So, I created two kubernetes clusters ("appo" and "cody") in AWS with `kops` with the following commands:
>
>     kops create cluster --name cody.us-east-1e.derr.me --zones us-east-1e --vpc vpc-7a3c5d1d --dns-zone us-east-1e.derr.me --network-cidr 10.10.0.0/16 --topology private --networking calico --ssh-public-key ~/.ssh/id_rsa.pub
>     kops create cluster --name appo.us-east-1e.derr.me --zones us-east-1e --vpc vpc-7a3c5d1d --dns-zone us-east-1e.derr.me --network-cidr 10.10.0.0/16 --topology private --networking calico --ssh-public-key ~/.ssh/id_rsa.pub
>
> The only change I made with `kops edit` was to ensure they had AWS VPC subnets that do not conflict with one another.
>
> I then started a federated control plane:
>
>     kubefed init troopers --host-cluster-context=cloudops.us-east-1e.derr.me --dns-provider=aws-route53 --dns-zone-name=fed.derr.me
>
> and then added these two clusters to this federated control plane:
>
>     kubefed join cody --host-cluster-context=troopers --cluster-context=cody.us-east-1d.derr.me
>     kubefed join appo --host-cluster-context=troopers --cluster-context=appo.us-east-1e.derr.me
>
> From this point, the federated API server will just throw endless TLS errors and federation never begins.
>
> By "never begins", do you mean the pods keep crashing? Do the pods restart? What does `kubectl --namespace=federation-system describe pods` return?
>
>     I0208 16:32:40.007161 1 logs.go:41] http: TLS handshake error from 10.10.55.2:37510: EOF
>     I0208 16:32:40.007730 1 logs.go:41] http: TLS handshake error from 100.78.245.128:48267: EOF
>     I0208 16:32:40.007944 1 logs.go:41] http: TLS handshake error from 100.123.106.0:53971: EOF
>     I0208 16:32:40.008085 1 logs.go:41] http: TLS handshake error from 100.76.57.192:58049: EOF
>     I0208 16:32:40.008224 1 logs.go:41] http: TLS handshake error from 100.110.103.8:21103: EOF
>     I0208 16:32:40.008362 1 logs.go:41] http: TLS handshake error from 100.97.177.64:53690: EOF
>     I0208 16:32:40.008621 1 logs.go:41] http: TLS handshake error from 100.120.95.192:58706: EOF
>
> Any idea what these addresses are? Could you give more context (more logs)?
>
> Also, do you see `https://` prefix in the endpoint addresses in the cluster objects when you run `kubectl --context=troopers get clusters cody -o yaml` and `kubectl --context=troopers get clusters appo -o yaml`?
>
> What am I missing here?

--
Jeremy Derr
jer...@derr.me
When in trouble or in doubt, run in circles, scream and shout.