Table of Contents generated with DocToc
Troubleshooting
This guide (based on Minikube but others should be similar) explains general info on how to debug issues if a cluster creation fails.
Get logs of Cluster API controller containers
kubectl --kubeconfig minikube.kubeconfig -n capo-system logs -l control-plane=capo-controller-manager -c manager
Similarly, the logs of the other controllers in the namespaces capi-system
and cabpk-system
can be retrieved.
Master failed to start with error: node xxxx not found
Sometimes the master machine is created but fails to startup, take Ubuntu as example, open /var/log/messages
and if you see something like this:
Jul 10 00:07:58 openstack-master-5wgrw kubelet: E0710 00:07:58.444950 4340 kubelet.go:2248] node "openstack-master-5wgrw" not found
Jul 10 00:07:58 openstack-master-5wgrw kubelet: I0710 00:07:58.526091 4340 kubelet_node_status.go:72] Attempting to register node openstack-master-5wgrw
Jul 10 00:07:58 openstack-master-5wgrw kubelet: E0710 00:07:58.527398 4340 kubelet_node_status.go:94] Unable to register node "openstack-master-5wgrw" with API server: nodes "openstack-master-5wgrw" is forbidden: node "openstack-master-5wgrw.novalocal" is not allowed to modify node "openstack-master-5wgrw"
This might be caused by This issue, try the method proposed there.
providerClient authentication err
If you are using https, you must specify the CA certificate in your clouds.yaml
file, and when you encounter issue like:
kubectl --kubeconfig minikube.kubeconfig logs -n capo-system logs -l control-plane=capo-controller-manager
...
E0814 04:32:52.688514 1 machine_controller.go:204] Failed to check if machine "openstack-master-hxk9r" exists: providerClient authentication err: Post https://xxxxxxxxxxxxxxx:5000/v3/auth/tokens: x509: certificate signed by unknown authority
...
you can also add verify: false
into clouds.yaml
file to solve the problem.
clouds:
openstack:
auth:
....
region_name: "RegionOne"
interface: "public"
identity_api_version: 3
cacert: /etc/certs/cacert
verify: false
Fails in creating floating IP during cluster creation.
If you encounter rule:create_floatingip and rule:create_floatingip:floating_ip_address is disallowed by policy
when create floating ip, check with your openstack administrator, you need to be authorized to perform those actions, see issue 572 for more detailed information.
Refer to rule:create_floatingip and rule:create_floatingip:floating_ip_address for further policy information.
An alternative is to create the floating IP before create the cluster and use it.