restart kube-controller-manager won't erase already created secret, nor will it re-create secret. imagine how bad would it be when all applications top working just because a controller gets restarted :)
How did you run etcd? If you are running etcd with docker and user writable layer to store data, then secret will disappear after engine restart (if engine restart containers). On Wednesday, June 7, 2017 at 5:08:15 PM UTC+8, lin.for...@gmail.com wrote: > > Hi, > > I have deployed a Kubernetes cluster with kube-apiserver, > kube-controller-manager, kube-scheduler and kube-proxy deployed as static > Pod. Then set up calico network with self-host mode. Everything works fine. > > But when I restart docker engine of my master node, Calico node pod cannot > be started because it tries to mount a default secret which does not exist. > I found out kube-controller-manager will re-create secret for each > serviceaccount in each namespace after restart. But pod of daemonset like > calico node did not sync up and replaced with new created secret. That migh > be a race condition problem. Does anyone know this kind of logic in kubelet > and confirm it’s bug? > > Thanks -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
