I am having k8s cluster on centos7.2 with 1 master and 2 slaves. The cluster is working fine as far as it is serving on port 8080 but when I tries to secure Kube-API server by using certificates, I felt into the above error after restarting the kube-apiserver service and it is continuously writing this error in my log file at /var/log/messages.
kube-apiserver is started as-
KUBE_API_ADDRESS="--bind-address=0.0.0.0"
KUBE_API_PORT="--secure-port=6443"
KUBELET_PORT="--kubelet-port=10250"
KUBE_ETCD_SERVERS="--etcd-servers=http://kube-master:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_ALLOW_PRIV="--allow-privileged=true"
KUBE_API_TLS_CERT_FILE="--tls-cert-file=/home/abc/server.cert"
KUBE_API_TLS_PRIVATE_KEY_FILE="--tls-private-key- file=/home/abc/server.key"
KUBE_API_TOKEN_AUTH_FILE="--token-auth-file=/home/abc/token.csv" </br>
I am accessing API server using kubectl command as
kubectl --v=4 --server="https://$ip:6443" --certificate-authority="./ca.crt" --token="abcdTOKEN1234" get nodes
After that I am getting following error-
2930 helpers.go:153] Connection error: Get https://$ip:6443/api: x509: certificate signed by unknown authority
2930 helpers.go:96] Unable to connect to the server: x509: certificate signed by unknown authority
I performed same steps on ubuntu 14.04 and are working fine. I am not able to figure out where exactly I'm missing. Can anyone knows where I am wrong ? Thanks in advance.
Related
I am trying to connect to a Samba server in Airflow using the SambaHook class. The Samba server requires Kerberos authentication.
I have already defined a Samba connection in Airflow using the following parameters:
Host,Schema and Extra {"auth": "kerberos"}
airflow connections add "samba_repo" --conn-type "samba" --conn-host "myhost.mywork.com" --conn-schema "fld" --conn-extra '{"auth": "kerberos"}'
I'm trying to use the SambaHook class in Airflow to connect to a Samba server. When I run my code, I get the following error:
Failed to authenticate with server: SpnegoError (1): SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath, Context: Unable to negotiate common mechanism
However, when I use smbclient to connect to the same server using Kerberos authentication from the Docker terminal, it works fine with the command: smbclient //'myhost'/'fld' -c 'ls "\workpath\*" ' -k
What I tried: I set up a connection to the Samba server in Airflow using the SambaHook class and tried to use the listdirmethod to retrieve a list of files in a specific directory.
What I expected to happen: I expected the listdir method to successfully retrieve a list of files in the specified directory from the Samba server.
What actually resulted: Instead, I encountered the following error message:
Failed to authenticate with server: SpnegoError (1): SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath, Context: Unable to negotiate common mechanism
I am tying to connect to sftp server via testapp using curl_7.74 and libssh2_1.8.2. this working in ubuntu 16.04 desktop but not on my embedded environment.
following error is thrown
root#phyboard-segin-imx6ul-2:~# ./sftptest
st.st_size:[0]
Trying 115.249.3.130:2222...
Connected to sftp-xxxxxxxx.mydomain.net (xxx.249.3.130) port 2222 (#0)
Failure establishing ssh session: -43, Failed getting banner
Closing connection 0
curl told us 2
somebody pls throw some light on it :)
Local flywheel is not starting properly because it cannot open port 443 ("Heads-up!, Local's routing is having trouble starting" is the message).
I used netstats -o and nothing was using port 443.
The log from FlyWheel says:
bind() to 0.0.0.0:443 failed (10013: An attempt was made to access a socket in a way forbidden by its access permissions)
try this
run CMD as admin
type net stop http
There is an easy solution...
Preferences> Advanced> Router Mode > Localhost
It will work then.
You can watch this too
Heads up! Local's router is having trouble starting - Solved
I make a server and request successfully in windows,then I put them to the linux which is the develop machine of company.
And I Got Connect Failed error when I run the clien.py. I have changed the host IP to localhost,0.0.0.0,127.0.0.1 and the IP of develop machine,but it doesn't work.
And I tried the docker inspect command,but the IPAddress is empty like "".
And I changed the port to 8500,8501,4321 and still got the error.
I tried make proxy to the company,the request returns a Name resolution failure error.So I think maybe the cause is the net of company?
Any answer would be very appreciate!
The Error Message:
grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "Connect Failed"
debug_error_string = "{"created":"#1551677753.381330483","description":"Failed to create subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":2721,"referenced_errors":[{"created":"#1551677753.381328206","description":"Pick Cancelled","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":241,"referenced_errors":[{"created":"#1551677753.381303114","description":"Connect Failed","file":"src/core/ext/filters/client_channel/subchannel.cc","file_line":689,"grpc_status":14,"referenced_errors":[{"created":"#1551677753.381278484","description":"Failed to connect to remote host: OS Error","errno":111,"file":"src/core/lib/iomgr/tcp_client_posix.cc","file_line":205,"os_error":"Connection refused","syscall":"connect","target_address":"ipv4:0.0.0.0:8501"}]}]}]}"
I am trying on an application and previously it worked and the data was able to be persisted into MongoDB. But recenntly , we had a change of router and thus we went ahead to regenerate SDK and etc but we still has the connection error.
Error :
2017/01/26 9:24:27 [WARNING] [kaa_bootstrap_manager.c:612] (-7) - Could not find next Bootstrap access point (protocol: id=0x56C8FF92, version=1)
2017/01/26 9:24:27 [ERROR] [kaa_tcp_channel.c:307] (-7) - Kaa TCP channel [0x929A2016] error notifying bootstrap manager on access point failure
2017/01/26 9:24:27 [ERROR] [kaa_client.c:240] (-7) - Failed to process OUT event for the client socket 3
And thus , we went ahead with troubleshooting where one of the staffs i emailed passed me a link for troubleshooting .
https://kaaproject.github.io/kaa/docs/v0.10.0/Administration-guide/Troubleshooting/
I followed already but i had an error where im stucked with writing 'kaa-node restart' to restart the node service.
Here are the commands for troubleshooting:
Connect to your Kaa Sandbox via ssh:
$ ssh kaa#<YOUR-SANDBOX-IP>
password: kaa
Stop the Kaa service:
$ sudo service kaa-node stop
Clear the Kaa logs:
$ sudo rm -rf /var/log/kaa/*
Start the Kaa service:
$ sudo service kaa-node start
I typed 'sudo service kaa-node start'. it gave me:
kaa#kaa-sandbox.kaaproject.org:~$ sudo service kaa-node start
* Starting Kaa Node daemon (kaa-node):
/bin/bash: /var/log/kaa/kaa-node-server.init.log: Permission denied
Try verifying the Kaa host on the Management page. Also, the Sandbox Web UI (the Management page) is able to restart all the necessary Kaa services on the Sandbox after the Kaa host change.
Please note that the Kaa host should match the PC host IP address accessible from the network your applications are running in.
Please try and let me know if this works for you.