magnum does not generate cert files for kubernetes
I'm struggling with launching Kubernetes on magnum.
Environments:
- OpenStack : Rocky
- Fedora-AtomicHost-29-20190306 (also failed with Fedora-Atomic-27-20180419.0, Fedora-Atomic-26-20171030)
- Cert manager : barbican
- Run instance under KVM (not bare metal)
Magnum template
openstack coe cluster template create fedora-29 \
--image fedora-atomic-29 \
--external-network ExtNet \
--dns-nameserver 192.168.0.100 \
--master-flavor m1.small \
--flavor m1.small \
--docker-volume-size 5 \
--network-driver flannel \
--docker-storage-driver overlay2 \
--coe kubernetes
After creation of the master node, etcd and kube-apiserver failed to start with the following errors.
[etcd]
embed: peerTLS: cert = /etc/etcd/certs/server.crt, key = /etc/etcd/certs/server.key, ca = , trusted-ca = /etc/etcd/certs/ca.crt, client-cert-auth = true
etcdmain: open /etc/etcd/certs/server.crt: no such file or directory
[kube-apiserver]
error: unable to load server certificate: open /etc/kubernetes/certs/server.crt: no such file or directory
Looking at the heat template, /usr/lib/python2.7/dist-packages/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml, there are definitions of the cert file locations, but no code to generate certificates.
It is possible to restart etcd and kube-apiserver by manually generating cert files with the following procedure, but wc-notify.service failed to start.
Generating certificates : http://www.projectatomic.io/docs/gett...
I'd appreciate any suggestions about how to install certificates on a Fedora Atomic instance.
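
Added example, not part of the original post or of Magnum's code: a shell helper that pulls the TLS file paths out of the etcd and kube-apiserver log lines quoted above and reports which of them are missing or empty on the node. The function names and the optional root-prefix argument (for checking a mounted or copied filesystem) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post or from Magnum).
# Log lines as quoted in the post above.
SAMPLE_LOG='embed: peerTLS: cert = /etc/etcd/certs/server.crt, key = /etc/etcd/certs/server.key, ca = , trusted-ca = /etc/etcd/certs/ca.crt, client-cert-auth = true
etcdmain: open /etc/etcd/certs/server.crt: no such file or directory
error: unable to load server certificate: open /etc/kubernetes/certs/server.crt: no such file or directory'

# tls_paths LOG
# Print "<field> <path>" for every TLS file the log text names.
# Handles etcd's "cert = ..., key = ..." summary line (empty values such as
# "ca = " are skipped) and "open <path>: no such file or directory" errors.
tls_paths() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -nE \
        -e 's#^(.*[: ])?(cert|key|ca|trusted-ca) = (/[^ ]*) *$#\2 \3#p' \
        -e 's#^.*open (/[^:]*): no such file or directory.*$#open \1#p'
}

# missing_tls_files LOG [ROOT]
# Print the "<field> <path>" pairs whose file is absent, empty or unreadable.
# ROOT (hypothetical helper argument) is prepended to each path; leave it
# empty to check the running node's own filesystem.
missing_tls_files() {
    log=$1
    root=${2:-}
    tls_paths "$log" | while read -r field path; do
        [ -s "$root$path" ] && [ -r "$root$path" ] || printf '%s %s\n' "$field" "$path"
    done
}

# Demo: check the paths from the quoted log lines against this machine.
echo "TLS files referenced in the log but not usable here:"
missing_tls_files "$SAMPLE_LOG"
```

On a node, the first argument can be the captured journal text for the etcd and kube-apiserver units instead of `SAMPLE_LOG`; any prefix before the message, such as a timestamp, is ignored by the patterns.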