magnum does not generate cert files for kubernetes

asked 2019-03-10 06:52:55 -0500

todotani

updated 2019-03-12 07:31:08 -0500

I'm struggling with launching Kubernetes on Magnum.


  • OpenStack : Rocky
  • Fedora-AtomicHost-29-20190306 (also failed with Fedora-Atomic-27-20180419.0, Fedora-Atomic-26-20171030)
  • Cert manager : barbican
  • Run instance under KVM (not bare metal)

Magnum template

openstack coe cluster template create fedora-29 \
                     --image fedora-atomic-29 \
                     --external-network ExtNet \
                     --dns-nameserver \
                     --master-flavor m1.small \
                     --flavor m1.small \
                     --docker-volume-size 5 \
                     --network-driver flannel \
                     --docker-storage-driver overlay2 \
                     --coe kubernetes

After creation of the master node, etcd and kube-apiserver failed to start with the following errors.

embed: peerTLS: cert = /etc/etcd/certs/server.crt, key = /etc/etcd/certs/server.key, ca = , trusted-ca = /etc/etcd/certs/ca.crt, client-cert-auth = true
etcdmain: open /etc/etcd/certs/server.crt: no such file or directory

error: unable to load server certificate: open /etc/kubernetes/certs/server.crt: no such file or directory

Looking at the Heat template, /usr/lib/python2.7/dist-packages/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml, there are definitions of the cert file locations, but no code to generate the certificates.

It is possible to restart etcd and kube-apiserver by manually generating cert files with the following procedure, but wc-notify.service failed to start.

Generating certificates :

Appreciate any suggestions about how to install certificates on a Fedora Atomic instance.
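
A check for the certificate files that the etcd and kube-apiserver errors above report missing, as an added example that is not part of the original post or of Magnum. The function names and the optional root-prefix argument are assumptions made for illustration; beyond file presence it also confirms that the etcd server certificate chains to ca.crt and matches server.key, since etcd is started with client-cert-auth = true.

```shell
#!/bin/sh
# Paths come from the etcd and kube-apiserver log lines quoted in the post.
CERT_FILES="/etc/etcd/certs/server.crt /etc/etcd/certs/server.key /etc/etcd/certs/ca.crt /etc/kubernetes/certs/server.crt"

# Print every expected file that is absent or empty.
# $1 is a hypothetical root prefix (empty = the live filesystem), so the
# check can also be run against a mounted or copied master-node image.
missing_certs() {
    root="${1:-}"
    for f in $CERT_FILES; do
        [ -s "$root$f" ] || echo "$f"
    done
}

# Return 0 only if certificate $1 chains to CA $3 and its public key
# is the one derived from private key $2.
cert_pair_ok() {
    crt="$1"; key="$2"; ca="$3"
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Full check: 1 = files missing, 2 = etcd cert/key/CA inconsistent, 0 = ok.
check_master_certs() {
    root="${1:-}"
    missing=$(missing_certs "$root")
    if [ -n "$missing" ]; then
        echo "missing or empty:"
        echo "$missing"
        return 1
    fi
    d="$root/etc/etcd/certs"
    cert_pair_ok "$d/server.crt" "$d/server.key" "$d/ca.crt" || {
        echo "etcd server.crt does not match server.key or ca.crt"
        return 2
    }
    echo "certificate files present and consistent"
}
```

Source the file on the master node and call `check_master_certs` with no argument; a return code of 2 means the files exist but were not issued by the CA that etcd is configured to trust.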
