kubeadm token not renewed on CAPA #1720

Closed
alex-dabija opened this issue Dec 1, 2022 · 9 comments
Labels
area/kaas Mission: Cloud Native Platform - Self-driving Kubernetes as a Service kind/bug provider/cluster-api-aws Cluster API based running on AWS topic/capi

alex-dabija commented Dec 1, 2022

Issue

kubeadm token is not renewed on CAPA and new nodes are unable to join the cluster. This happened on grizzly.

We are supposed to already have a fix for this, but for some reason it didn't work. We think it's probably because the cluster was created before the fix was rolled out, but it's just guessing.

The issue needs to be confirmed.

@alex-dabija changed the title from "kubeadm token not renewed on capa" to "kubeadm token not renewed on CAPA" Dec 1, 2022
@alex-dabija alex-dabija added area/kaas Mission: Cloud Native Platform - Self-driving Kubernetes as a Service team/hydra topic/capi provider/cluster-api-aws Cluster API based running on AWS kind/bug labels Dec 1, 2022
@bdehri bdehri self-assigned this Dec 5, 2022
bdehri commented Dec 5, 2022

@alex-dabija Does this also happen on WCs?

alex-dabija (Author) commented

> @alex-dabija Does this also happen on WCs?

Yes, it should be reproducible on workload clusters because a management cluster is just a workload cluster with more applications running on it.

tuladhar commented Dec 8, 2022

On the grizzly MC, we tested scaling the control plane nodes for the berk1 WC, and they were able to join the cluster.

puru@giantswarm (gs-grizzly-berk1-clientcert) ~/grizzly> kubectl get nodes
NAME                                          STATUS   ROLES                  AGE     VERSION
ip-10-31-120-92.eu-west-2.compute.internal    Ready    control-plane,master   91s     v1.23.13
ip-10-31-186-244.eu-west-2.compute.internal   Ready    control-plane,master   17m     v1.23.13
ip-10-31-220-52.eu-west-2.compute.internal    Ready    control-plane,master   2m57s   v1.23.13
ip-10-31-255-27.eu-west-2.compute.internal    Ready    control-plane,master   22m     v1.23.13
ip-10-31-83-82.eu-west-2.compute.internal     Ready    control-plane,master   19m     v1.23.13

calvix commented Dec 8, 2022

@tuladhar The issue only occurs for MachinePool, as for control-plane nodes a new kubeadmconfig is generated for each new machine and the token is always fresh.

bdehri commented Dec 9, 2022

We took a look at the cluster-api repository with @tuladhar. Refreshing the token secrets depends on the existence of the token secret itself, which explains why we had problems with our CAPA MCs at the moment. But I could not find what deletes the secrets in the first place. I have checked the api-server audit logs but I could not find anything there.
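
One way to spot the condition described in the comment above (a MachinePool KubeadmConfig pointing at a bootstrap token secret that has expired or no longer exists), as an added example that is not part of the thread or of cluster-api. It assumes `secret_list` is the JSON from `kubectl get secrets -n kube-system -o json` on the affected cluster and that `referenced_ids` are the token IDs (the part before the dot) taken from each KubeadmConfig's `spec.joinConfiguration.discovery.bootstrapToken.token`; the function names, the 5-minute warning window and the sample secrets are constructed for illustration.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

TOKEN_TYPE = "bootstrap.kubernetes.io/token"

def _field(secret, key):
    """Decode one base64 data field of a Secret, or None if absent."""
    raw = secret.get("data", {}).get(key)
    return base64.b64decode(raw).decode() if raw else None

def audit_tokens(secret_list, referenced_ids, now, warn=timedelta(minutes=5)):
    """Return {token_id: 'missing' | 'expired' | 'expiring' | 'ok'}."""
    expiry = {}
    for s in secret_list.get("items", []):
        if s.get("type") != TOKEN_TYPE:
            continue  # ignore every non-bootstrap secret in kube-system
        exp = _field(s, "expiration")
        # A bootstrap token without an expiration field never expires.
        expiry[_field(s, "token-id")] = (
            datetime.fromisoformat(exp.replace("Z", "+00:00")) if exp else None)
    report = {}
    for tid in referenced_ids:
        if tid not in expiry:
            report[tid] = "missing"   # nothing left for a refresh to extend
        elif expiry[tid] is None or expiry[tid] - now > warn:
            report[tid] = "ok"
        elif expiry[tid] <= now:
            report[tid] = "expired"   # new nodes using it cannot join
        else:
            report[tid] = "expiring"
    return report

def _secret(token_id, expiration):
    """Build a constructed bootstrap token Secret for the sample below."""
    b64 = lambda v: base64.b64encode(v.encode()).decode()
    return {"type": TOKEN_TYPE,
            "metadata": {"name": f"bootstrap-token-{token_id}"},
            "data": {"token-id": b64(token_id), "expiration": b64(expiration)}}

# Constructed sample: one token already expired, one valid for another hour.
SAMPLE = {"items": [_secret("abc123", "2022-12-01T10:00:00Z"),
                    _secret("def456", "2022-12-01T12:00:00Z")]}
NOW = datetime(2022, 12, 1, 11, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    ids = ["abc123", "def456", "ghi789"]  # ghi789 has no secret at all
    print(json.dumps(audit_tokens(SAMPLE, ids, NOW), indent=2))
```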

bdehri commented Dec 13, 2022

@primeroz primeroz mentioned this issue Dec 13, 2022
3 tasks
bdehri commented Jan 4, 2023

PR is merged, waiting for a release.

bdehri commented Jan 6, 2023

It will be part of 1.4 release, custom kubeadm controller is deployed to all CAPA MCs with flux enabled.

@bdehri bdehri closed this as completed Jan 6, 2023
primeroz commented

> It will be part of 1.4 release, custom kubeadm controller is deployed to all CAPA MCs with flux enabled.

I think this was just released in 1.2.9 as a cherry-pick if we want to move back to the upstream image.
