On 16 November 2017 at 01:56, Sébastien Bernard <[email protected]> wrote:
> Ok,
>
> I got to reproduce the error I had yesterday.
>
> Here's the path :
>
> 1- one vm with centos 7
>
> 2- install kubeadm v1.8.3
>
> 3- kubeadm init
>
> 4- install openvswitch (v2.8.1)
>
> 5- follow the instruction of set-master.sh
>
> 6- ln -s /etc/kubernetes/pki/ca.crt /etc/openvswitch/k8s-ca.crt
>
> 7- cp etc/ovn-k8s.conf /etc/openvswitch /
>
> 8- try to start ovn-k8s-watcher and watch it fails. See the log below.
> Seems the watcher really needs a kubeconfig file to use.
>
> cmdline :
>
> ovn-k8s-watcher --overlay --pidfile --log-file -vfile:info
> -vconsole:emer
>
> kubeadm init set RBAC by default. It seems the watcher is not able to
> provide authentication.
>
You are right. I will work on a fix.
>
> ov. 16 01:09:44 km1 ovn-k8s-watcher[6186]: ovs| 0 | watcher | ERR |
> failed in _sync_k8s_pods (Failed to fetch pod:all_pods in namespace all
> (403)
> :{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods
> is forbidden: User \"system:anonymous\" cannot list pods at the cluster
> scope","reason":"Forbidden","details":{"kind":"pods"},"code":403}
> )
> Traceback (most recent call
> last):
> File
> "/usr/lib/python2.7/site-packages/ovn_k8s/watcher/watcher.py", line 80,
> in _sync_k8s_pods
> pods =
> kubernetes.get_all_pods(variables.K8S_API_SERVER)
> File
> "/usr/lib/python2.7/site-packages/ovn_k8s/common/kubernetes.py", line
> 194, in get_all_pods
> return _get_objects(url,
> 'all', 'pod', "all_pods")
> File
> "/usr/lib/python2.7/site-packages/ovn_k8s/common/kubernetes.py", line
> 181, in _get_objects
> response.status_code, response.text))
> Exception: Failed to fetch
> pod:all_pods in namespace all (403) :{"kind":"Status","apiVersion"
> :"v1","metadata":{},"status":"Failure","message":"pods is forbidden: User
> \"system:anonymous\" cannot list pods at the cluster
> scope","reason":"Forbidden","details":{"kind":"pods"},"code":403}
> nov. 16 01:09:44 km1 ovn-k8s-watcher[6186]: ovs| 1 | watcher | ERR |
> failed in _sync_k8s_services (Failed to fetch service:all_services in
> namespace all (403) :{"kind":"Status","apiVersion"
> :"v1","metadata":{},"status":"Failure","message":"services is forbidden:
> User \"system:anonymous\" cannot list services at the cluster
> scope","reason":"Forbidden","details":{"kind":"services"},"code":403}
> )
> Traceback (most recent call
> last):
> File
> "/usr/lib/python2.7/site-packages/ovn_k8s/watcher/watcher.py", line 94,
> in _sync_k8s_services
> services =
> kubernetes.get_all_services(variables.K8S_API_SERVER)
> File
> "/usr/lib/python2.7/site-packages/ovn_k8s/common/kubernetes.py", line
> 199, in get_all_services
> return _get_objects(url,
> 'all', 'service', "all_services")
> File
> "/usr/lib/python2.7/site-packages/ovn_k8s/common/kubernetes.py", line
> 181, in _get_objects
> response.status_code, response.text))
> Exception: Failed to fetch
> service:all_services in namespace all (403) :{"kind":"Status","apiVersion"
> :"v1","metadata":{},"status":"Failure","message":"services is forbidden:
> User \"system:anonymous\" cannot list services at the cluster
> scope","reason":"Forbidden","details":{"kind":"services"},"code":403}
> nov. 16 01:09:44 km1 ovn-k8s-watcher[6186]: ovs| 2 | watcher
> (GreenThread-1) | ERR | Failure in watcher PodWatcher
> Traceback (most recent call
> last):
> File
> "/usr/lib/python2.7/site-packages/ovn_k8s/watcher/watcher.py", line 61,
> in _process_func
> watcher.process()
> File
> "/usr/lib/python2.7/site-packages/ovn_k8s/watcher/pod_watcher.py", line
> 83, in process
> self._process_pod_event)
> File
> "/usr/lib/python2.7/site-packages/ovn_k8s/common/util.py", line 77, in
> process_stream
> line = next(data_stream)
> TypeError: NoneType object is
> not an iterator
>
>
> _______________________________________________
> discuss mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
