Hi,

I faced the same issue.
E0201 19:13:05.849408       1 reflector.go:201] k8s.io/dns/pkg/dns/dns.go:147: Failed to list *v1.Endpoints: Unauthorized
E0201 19:13:05.850058       1 reflector.go:201] k8s.io/dns/pkg/dns/dns.go:150: Failed to list *v1.Service: Unauthorized

Were you able to find a solution?

Thanks,
Jerry

On Wednesday, December 20, 2017 at 10:46:28 AM UTC-8, akaas...@gmail.com 
wrote:
>
> I am setting up DNS for Kubernetes services for the first time and I came 
> across SkyDNS. So, following the documentation, my skydns-svc.yaml file is:
>
> apiVersion: v1
> kind: Service
> spec:
>   clusterIP: 10.100.0.100
>   ports:
>   - name: dns
>     port: 53
>     protocol: UDP
>     targetPort: 53
>   - name: dns-tcp
>     port: 53
>     protocol: TCP
>     targetPort: 53
>   selector:
>     k8s-app: kube-dns
>   sessionAffinity: None
>   type: ClusterIP
>
>
> And my skydns-rc.yaml file is:
>
> apiVersion: v1
> kind: ReplicationController
> spec:
>   replicas: 1
>   selector:
>     k8s-app: kube-dns
>     version: v18
>   template:
>     metadata:
>       creationTimestamp: null
>       labels:
>         k8s-app: kube-dns
>         kubernetes.io/cluster-service: "true"
>         version: v18
>     spec:
>       containers:
>       - args:
>         - --domain=kube.local
>         - --dns-port=10053
>         image: gcr.io/google_containers/kubedns-amd64:1.6
>         imagePullPolicy: IfNotPresent
>         name: kubedns
>         ports:
>         - containerPort: 10053
>           name: dns-local
>           protocol: UDP
>         - containerPort: 10053
>           name: dns-tcp-local
>           protocol: TCP
>         resources:
>           limits:
>             cpu: 100m
>             memory: 200Mi
>           requests:
>             cpu: 100m
>             memory: 100Mi
>         terminationMessagePath: /dev/termination-log
>       - args:
>         - --cache-size=1000
>         - --no-resolv
>         - --server=127.0.0.1#10053
>         image: gcr.io/google_containers/kube-dnsmasq-amd64:1.3
>         imagePullPolicy: IfNotPresent
>         name: dnsmasq
>         ports:
>         - containerPort: 53
>           name: dns
>           protocol: UDP
>         - containerPort: 53
>           name: dns-tcp
>           protocol: TCP
>         resources: {}
>         terminationMessagePath: /dev/termination-log
>       - args:
>         - -cmd=nslookup kubernetes.default.svc.kube.local 127.0.0.1 >/dev/null &&
>           nslookup kubernetes.default.svc.kube.local 127.0.0.1:10053 >/dev/null
>         - -port=8080
>         - -quiet
>         image: gcr.io/google_containers/exechealthz-amd64:1.0
>         imagePullPolicy: IfNotPresent
>         name: healthz
>         ports:
>         - containerPort: 8080
>           protocol: TCP
>         resources:
>           limits:
>             cpu: 10m
>             memory: 20Mi
>           requests:
>             cpu: 10m
>             memory: 20Mi
>
>
> Also on my minions, I updated the 
> /etc/systemd/system/multi-user.target.wants/kubelet.service file and added 
> the following under the ExecStart section:
>
> ExecStart=/usr/bin/kubelet \
>         $KUBE_LOGTOSTDERR \
>         $KUBE_LOG_LEVEL \
>         $KUBELET_API_SERVER \
>         $KUBELET_ADDRESS \
>         $KUBELET_PORT \
>         $KUBELET_HOSTNAME \
>         $KUBE_ALLOW_PRIV \
>         $KUBELET_POD_INFRA_CONTAINER \
>         $KUBELET_ARGS \
>             --cluster-dns=10.100.0.100 \
>             --cluster-domain=kubernetes \
>
> Having done all of this and having successfully brought up the rc & svc:
>
> [root@kubernetes-master DNS]# kubectl get po | grep dns
> kube-dns-v18-hl8z6                  3/3       Running             0          6s
> [root@kubernetes-master DNS]# kubectl get svc | grep dns
> kube-dns                            10.100.0.100     <none>        53/UDP,53/TCP      20m
>
> This is all that I got from a config standpoint. Now, in order to test my 
> setup, I downloaded busybox and tested an nslookup:
>
> [root@kubernetes-master DNS]# kubectl get svc | grep kubernetes
> kubernetes                          10.100.0.1       <none>        443/TCP 
>
> [root@kubernetes-master DNS]# kubectl exec busybox -- nslookup kubernetes
> nslookup: can't resolve 'kubernetes'
> Server:    10.100.0.100
> Address 1: 10.100.0.100
>
> Going through the logs, I see something that might explain why this is not 
> working:
>
> kubectl logs $(kubectl get pods -l k8s-app=kube-dns -o name) -c kubedns
> .
> .
> .
> E1220 17:44:48.403976       1 reflector.go:216] pkg/dns/dns.go:154: Failed to list *api.Endpoints: Get https://10.100.0.1:443/api/v1/endpoints?resourceVersion=0: x509: failed to load system roots and no roots provided
> E1220 17:44:48.487169       1 reflector.go:216] pkg/dns/dns.go:155: Failed to list *api.Service: Get https://10.100.0.1:443/api/v1/services?resourceVersion=0: x509: failed to load system roots and no roots provided
> I1220 17:44:48.487716       1 dns.go:172] Ignoring error while waiting for service default/kubernetes: Get https://10.100.0.1:443/api/v1/namespaces/default/services/kubernetes: x509: failed to load system roots and no roots provided. Sleeping 1s before retrying.
> E1220 17:44:49.410311       1 reflector.go:216] pkg/dns/dns.go:154: Failed to list *api.Endpoints: Get https://10.100.0.1:443/api/v1/endpoints?resourceVersion=0: x509: failed to load system roots and no roots provided
> I1220 17:44:49.492338       1 dns.go:172] Ignoring error while waiting for service default/kubernetes: Get https://10.100.0.1:443/api/v1/namespaces/default/services/kubernetes: x509: failed to load system roots and no roots provided. Sleeping 1s before retrying.
> E1220 17:44:49.493429       1 reflector.go:216] pkg/dns/dns.go:155: Failed to list *api.Service: Get https://10.100.0.1:443/api/v1/services?resourceVersion=0: x509: failed to load system roots and no roots provided
> .
> .
> .
>
> Looks like kubedns is unable to authorize against the K8S master node. I even 
> tried to do a manual call:
>
> curl -k https://10.100.0.1:443/api/v1/endpoints?resourceVersion=0
> Unauthorized
>
>
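
An added example, not part of either post and not kube-dns project code: the two log excerpts in this thread fail at different layers (certificate trust versus a 401 from the API server), and this triage groups glog-format lines accordingly. The category names, the hints and the "unknown authority" rule are assumptions of the example; the sample lines are the thread's own, rejoined.

```python
import re
from collections import defaultdict

# glog header: severity, MMDD, time, thread id, file:line], message
GLOG = re.compile(r"^([IWEF])(\d{4}) (\d\d:\d\d:\d\d\.\d{6})\s+\d+ ([\w./-]+):(\d+)\] (.*)$")
LIST_FAIL = re.compile(r"Failed to list \*([\w.]+):")

# (category, substring, next check). Hints are general Kubernetes practice
# (assumptions of this example), not statements made in the thread.
RULES = [
    ("tls_trust", "x509: failed to load system roots",
     "client has no CA bundle: check ca.crt in the pod's service account mount"),
    ("tls_trust", "x509: certificate signed by unknown authority",
     "CA bundle present but does not match the API server certificate"),
    ("authn_rejected", "Unauthorized",
     "TLS succeeded, API server answered 401: check the token the pod presents"),
]

def triage(log_text):
    """Group kubedns log lines by failure class and affected resource type."""
    out = defaultdict(lambda: {"count": 0, "resources": set(), "hint": ""})
    for line in log_text.splitlines():
        m = GLOG.match(line)
        if not m:
            continue  # skips "." elision markers and wrapped fragments
        msg = m.group(6)
        for cat, needle, hint in RULES:
            if needle in msg:
                entry = out[cat]
                entry["count"] += 1
                entry["hint"] = hint
                res = LIST_FAIL.search(msg)
                if res:
                    entry["resources"].add(res.group(1))
                break  # first matching rule wins
    return {k: {**v, "resources": sorted(v["resources"])} for k, v in out.items()}

# Sample input: lines quoted in this thread, with mail line-wrapping removed.
SAMPLE = """\
E1220 17:44:48.403976       1 reflector.go:216] pkg/dns/dns.go:154: Failed to list *api.Endpoints: Get https://10.100.0.1:443/api/v1/endpoints?resourceVersion=0: x509: failed to load system roots and no roots provided
E1220 17:44:48.487169       1 reflector.go:216] pkg/dns/dns.go:155: Failed to list *api.Service: Get https://10.100.0.1:443/api/v1/services?resourceVersion=0: x509: failed to load system roots and no roots provided
I1220 17:44:48.487716       1 dns.go:172] Ignoring error while waiting for service default/kubernetes: Get https://10.100.0.1:443/api/v1/namespaces/default/services/kubernetes: x509: failed to load system roots and no roots provided. Sleeping 1s before retrying.
E0201 19:13:05.849408       1 reflector.go:201] k8s.io/dns/pkg/dns/dns.go:147: Failed to list *v1.Endpoints: Unauthorized
E0201 19:13:05.850058       1 reflector.go:201] k8s.io/dns/pkg/dns/dns.go:150: Failed to list *v1.Service: Unauthorized
"""

if __name__ == "__main__":
    for category, info in triage(SAMPLE).items():
        print(category, info["count"], info["resources"], "->", info["hint"])
```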

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.