On 16/11/2017 13:08, Guru Shetty wrote:


On 16 November 2017 at 01:56, Sébastien Bernard wrote:

    Ok,

    I got to reproduce the error I had yesterday.

    Here's the path:

      1- one vm with centos 7

      2- install kubeadm v1.8.3

      3- kubeadm init

      4- install openvswitch (v2.8.1)

      5- follow the instructions of set-master.sh

      6- ln -s /etc/kubernetes/pki/ca.crt /etc/openvswitch/k8s-ca.crt

      7- cp etc/ovn-k8s.conf /etc/openvswitch/

      8- try to start ovn-k8s-watcher and watch it fail. See the log
    below. Seems the watcher really needs a kubeconfig file to use.

        cmdline:

        ovn-k8s-watcher --overlay --pidfile --log-file -vfile:info -vconsole:emer

    kubeadm init sets RBAC by default. It seems the watcher is not able
    to provide authentication.


You are right. I will work on a fix.

ovn-k8s-watcher is able to look for a token in the external_ids.

In get_api_params:

    k8s_api_token = ovs_vsctl("--if-exists", "get", "Open_vSwitch", ".",
                              "external_ids:k8s-api-token").strip('"')

And then in the stream_api function:

    if api_token:
        headers['Authorization'] = 'Bearer %s' % api_token

So, it should be missing a few configuration parameters (a Role, a serviceaccount, and a RoleBinding).

I'll figure out something from flannel-rbac.yaml. It shouldn't be too different.


Seb
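
An added example, not part of the original thread or of the ovn-kubernetes code: a Python helper that uses the API server's reply to tell apart the failure cases discussed above (no token sent, token rejected, token accepted but no RBAC binding). It assumes anonymous requests are enabled on the API server, so a request without a token is reported as `system:anonymous`; the sample replies and the service account name `kube-system:ovn` are constructed.

```python
import json
import re

def auth_headers(api_token):
    """Header logic from the stream_api fragment quoted above."""
    headers = {}
    if api_token:  # an empty token (key not set) means no header is sent
        headers['Authorization'] = 'Bearer %s' % api_token
    return headers

def diagnose(http_code, body):
    """Classify an API server reply as (verdict, user named in the message)."""
    if http_code < 400:
        return ('ok', None)
    try:
        status = json.loads(body)
    except ValueError:
        status = {}
    message = status.get('message', '') if isinstance(status, dict) else ''
    match = re.search(r'User "([^"]+)"', str(message))
    user = match.group(1) if match else None
    if http_code == 401:
        return ('token-rejected', user)        # header sent, token not accepted
    if http_code == 403 and user == 'system:anonymous':
        return ('no-token-sent', user)         # request carried no credentials
    if http_code == 403 and user and user.startswith('system:serviceaccount:'):
        return ('rbac-binding-missing', user)  # authenticated, not authorized
    return ('unclassified', user)

def status_body(code, reason, message):
    """Build a constructed Kubernetes Status object for the samples below."""
    return json.dumps({'kind': 'Status', 'apiVersion': 'v1', 'status': 'Failure',
                       'message': message, 'reason': reason, 'code': code})

# Constructed sample replies; the account name "kube-system:ovn" is hypothetical.
SAMPLES = [
    (403, status_body(403, 'Forbidden', 'pods is forbidden: User '
                      '"system:anonymous" cannot list pods at the cluster scope')),
    (403, status_body(403, 'Forbidden', 'pods is forbidden: User '
                      '"system:serviceaccount:kube-system:ovn" cannot list pods '
                      'at the cluster scope')),
    (401, status_body(401, 'Unauthorized', 'Unauthorized')),
]

if __name__ == '__main__':
    for code, body in SAMPLES:
        print(code, diagnose(code, body))
```

A `no-token-sent` verdict points at the `external_ids:k8s-api-token` setting, while `rbac-binding-missing` points at the Role and RoleBinding for the named service account.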

_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss