sangpengembara1979 opened a new issue #4742:
URL: https://github.com/apache/cloudstack/issues/4742
<!--
Verify first that your issue/request is not already reported on GitHub.
Also test if the latest release and master branch are affected too.
Always add information AFTER of these HTML comments, but no need to delete
the comments.
-->
##### ISSUE TYPE
<!-- Pick one below and delete the rest -->
* Bug Report
##### COMPONENT NAME
<!--
Categorize the issue, e.g. API, VR, VPN, UI, etc.
-->
~~~
Kubernetes Service
~~~
##### CLOUDSTACK VERSION
<!--
New line separated list of affected versions, commit ID for issues on master
branch.
-->
~~~
4.15.0.0
~~~
##### CONFIGURATION
<!--
Information about the configuration if relevant, e.g. basic network,
advanced networking, etc. N/A otherwise
-->
plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-master.yml
kubeadm init --token {{ k8s_master.cluster.token }} {{
k8s_master.cluster.initargs }}
##### OS / ENVIRONMENT
<!--
Information about the environment if relevant, N/A otherwise
-->
##### SUMMARY
<!-- Explain the problem/feature briefly -->
Scaling out after 24 hours from Kubernetes Cluster creation will fail
because the Kubeadm Init Token TTL is only 24 hours.
##### STEPS TO REPRODUCE
<!--
For bugs, show exactly how to reproduce the problem, using a minimal
test-case. Use Screenshots if accurate.
For new features, show how the feature would be used.
-->
1. Create a new Kubernetes Cluster and wait after 24 hours when the Kubeadm
Init Token is expired.
2. Scale out the Kubernetes Cluster and it will stuck in deploy-kube-system
process because it will use the OLD Expired Token.
3. Going to the MASTER node, kubedm token list , there is no TOKEN since the
INIT TOKEN is already expired.
4. Creating a new token on MASTER and modify the deploy-kube-system will
make the new NODE able to join to cluster. Manually.
<!-- Paste example playbooks or commands between quotes below -->
~~~
admin-kube-ha-master-1 core # kubeadm token list
TOKEN TTL EXPIRES USAGES
DESCRIPTION EXTRA GROUPS
5e595f.e0fde74405a4d346 6h 2021-03-02T09:04:28Z
authentication,signing The default bootstrap token generated by 'kubeadm
init'. system:bootstrappers:kubeadm:default-node-token
~~~
<!-- You can also paste gist.github.com links for larger files -->
##### EXPECTED RESULTS
<!-- What did you expect to happen when running the steps above? -->
The kubernetes cluster should be able to scale out.
~~~
~~~
##### ACTUAL RESULTS
<!-- What actually happened? -->
1. The kubernetes cluster will stuck at deploy-kube-system because it is
using the old expired token.
2. After exceding the "cloud.kubernetes.cluster.scale.timeout" the cluster
will be on ALERT state.
3. Going into the MASTER, kubeadm token list, there is no token, since the
INIT TOKEN is already expired, and the new NODE still using the same token when
doing deploy-kube-system.
<!-- Paste verbatim command output between quotes below -->
~~~
~~~
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
