Ok,
I got to reproduce the error I had yesterday.
Here's the path :
1- one vm with centos 7
2- install kubeadm v1.8.3
3- kubeadm init
4- install openvswitch (v2.8.1)
5- follow the instruction of set-master.sh
6- ln -s /etc/kubernetes/pki/ca.crt /etc/openvswitch/k8s-ca.crt
7- cp etc/ovn-k8s.conf /etc/openvswitch /
8- try to start ovn-k8s-watcher and watch it fails. See the log
below. Seems the watcher really needs a kubeconfig file to use.
cmdline :
ovn-k8s-watcher --overlay --pidfile --log-file -vfile:info
-vconsole:emer
kubeadm init set RBAC by default. It seems the watcher is not able to
provide authentication.
ov. 16 01:09:44 km1 ovn-k8s-watcher[6186]: ovs| 0 | watcher | ERR
| failed in _sync_k8s_pods (Failed to fetch pod:all_pods in namespace
all (403)
:{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods
is forbidden: User \"system:anonymous\" cannot list pods at the cluster
scope","reason":"Forbidden","details":{"kind":"pods"},"code":403}
)
Traceback (most recent call
last):
File
"/usr/lib/python2.7/site-packages/ovn_k8s/watcher/watcher.py", line 80,
in _sync_k8s_pods
pods =
kubernetes.get_all_pods(variables.K8S_API_SERVER)
File
"/usr/lib/python2.7/site-packages/ovn_k8s/common/kubernetes.py", line
194, in get_all_pods
return
_get_objects(url, 'all', 'pod', "all_pods")
File
"/usr/lib/python2.7/site-packages/ovn_k8s/common/kubernetes.py", line
181, in _get_objects
response.status_code, response.text))
Exception: Failed to fetch
pod:all_pods in namespace all (403)
:{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods
is forbidden: User \"system:anonymous\" cannot list pods at the cluster
scope","reason":"Forbidden","details":{"kind":"pods"},"code":403}
nov. 16 01:09:44 km1 ovn-k8s-watcher[6186]: ovs| 1 | watcher | ERR |
failed in _sync_k8s_services (Failed to fetch service:all_services in
namespace all (403)
:{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"services
is forbidden: User \"system:anonymous\" cannot list services at the
cluster
scope","reason":"Forbidden","details":{"kind":"services"},"code":403}
)
Traceback (most recent call
last):
File
"/usr/lib/python2.7/site-packages/ovn_k8s/watcher/watcher.py", line 94,
in _sync_k8s_services
services =
kubernetes.get_all_services(variables.K8S_API_SERVER)
File
"/usr/lib/python2.7/site-packages/ovn_k8s/common/kubernetes.py", line
199, in get_all_services
return
_get_objects(url, 'all', 'service', "all_services")
File
"/usr/lib/python2.7/site-packages/ovn_k8s/common/kubernetes.py", line
181, in _get_objects
response.status_code, response.text))
Exception: Failed to fetch
service:all_services in namespace all (403)
:{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"services
is forbidden: User \"system:anonymous\" cannot list services at the
cluster
scope","reason":"Forbidden","details":{"kind":"services"},"code":403}
nov. 16 01:09:44 km1 ovn-k8s-watcher[6186]: ovs| 2 | watcher
(GreenThread-1) | ERR | Failure in watcher PodWatcher
Traceback (most recent call
last):
File
"/usr/lib/python2.7/site-packages/ovn_k8s/watcher/watcher.py", line 61,
in _process_func
watcher.process()
File
"/usr/lib/python2.7/site-packages/ovn_k8s/watcher/pod_watcher.py", line
83, in process
self._process_pod_event)
File
"/usr/lib/python2.7/site-packages/ovn_k8s/common/util.py", line 77, in
process_stream
line = next(data_stream)
TypeError: NoneType object
is not an iterator
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
