A kubeconfig file "/etc/kubernetes/admin.conf" exists already but has got the wrong API Server URL


#1

I am following protocol://v1-12.docs.kubernetes.io/docs/setup/independent/high-availability/ to setup a high avaliablity cluster

three masters : 10.240.0.4 (kb8-master1), 10.240.0.33 (kb8-master2), 10.240.0.75 (kb8-master3)
LB: 10.240.0.16 ( haproxy)

I have setup the kb8-master1 and copied the following files to rest of the masters ( kb8-master2 and kb8-master3) as instructed

In the kb8-master2

mkdir -p /etc/kubernetes/pki/etcd
mv /home/{USER}/ca.crt /etc/kubernetes/pki/ mv /home/{USER}/ca.key /etc/kubernetes/pki/
mv /home/{USER}/sa.pub /etc/kubernetes/pki/ mv /home/{USER}/sa.key /etc/kubernetes/pki/
mv /home/{USER}/front-proxy-ca.crt /etc/kubernetes/pki/ mv /home/{USER}/front-proxy-ca.key /etc/kubernetes/pki/
mv /home/{USER}/etcd-ca.crt /etc/kubernetes/pki/etcd/ca.crt mv /home/{USER}/etcd-ca.key /etc/kubernetes/pki/etcd/ca.key
mv /home/${USER}/admin.conf /etc/kubernetes/admin.conf

After that I started to follow following commands in the kb8-master2

sudo kubeadm alpha phase certs all --config kubeadm-config.yaml

Output:-

[certificates] Generated etcd/ca certificate and key.
[certificates] Generated etcd/server certificate and key.
[certificates] etcd/server serving cert is signed for DNS names [kb8-master2 localhost] and IPs [127.0.0.1 ::1]
[certificates] Generated apiserver-etcd-client certificate and key.
[certificates] Generated etcd/peer certificate and key.
[certificates] etcd/peer serving cert is signed for DNS names [kb8-master2 localhost] and IPs [10.240.0.33 127.0.0.1 ::1]
[certificates] Generated etcd/healthcheck-client certificate and key.
[certificates] Generated ca certificate and key.
[certificates] Generated apiserver-kubelet-client certificate and key.
[certificates] Generated apiserver certificate and key.
[certificates] apiserver serving cert is signed for DNS names [kb8-master2 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.240.0.33]
[certificates] Generated front-proxy-ca certificate and key.
[certificates] Generated front-proxy-client certificate and key.
[certificates] valid certificates and keys now exist in “/etc/kubernetes/pki”
[certificates] Generated sa key and public key.

sudo kubeadm alpha phase kubelet config write-to-disk --config kubeadm-config.yaml
Output:-
[endpoint] WARNING: port specified in api.controlPlaneEndpoint overrides api.bindPort in the controlplane address
[kubelet] Writing kubelet configuration to file “/var/lib/kubelet/config.yaml”

sudo kubeadm alpha phase kubelet write-env-file --config kubeadm-config.yaml
Output:-
[endpoint] WARNING: port specified in api.controlPlaneEndpoint overrides api.bindPort in the controlplane address
[kubelet] Writing kubelet environment file with flags to file “/var/lib/kubelet/kubeadm-flags.env”

sudo kubeadm alpha phase kubeconfig kubelet --config kubeadm-config.yaml
Output:-
[kubeconfig] Wrote KubeConfig file to disk: “/etc/kubernetes/kubelet.conf”

sudo systemctl start kubelet

Output:-

● kubelet.service - kubelet: The Kubernetes Node Agent
Loaded: loaded (/lib/systemd/system/kubelet.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/kubelet.service.d
└─10-kubeadm.conf
Active: active (running) since Fri 2018-11-30 04:38:52 UTC; 43s ago
Docs: protocol://kubernetes.io/docs/home/
Main PID: 26717 (kubelet)
Tasks: 13
Memory: 34.1M
CPU: 1.538s
CGroup: /system.slice/kubelet.service
└─26717 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml

export KUBECONFIG=/etc/kubernetes/admin.conf
Output:-

sudo kubectl exec -n kube-system etcd-kb8-master1 – etcdctl --ca-file /etc/kubernetes/pki/etcd/ca.crt --cert-file /etc/kubernetes/pki/etcd/peer.crt --key-file /etc/kubernetes/pki/etcd/peer.key --endpoints=protocol://10.240.0.4:2379 member add kb8-master2 protocol://10.240.0.33:2380
Output:-

The connection to the server localhost:8080 was refused - did you specify the right host or port?

Note: I can now run kubectl get po -n kube-system in the kb8-master2 to see the pods

sudo kubeadm alpha phase etcd local --config kubeadm-config.yaml
No output

sudo kubeadm alpha phase kubeconfig all --config kubeadm-config.yaml

Above statement give the below output and I cannot figure out the issue
Output:-
a kubeconfig file “/etc/kubernetes/admin.conf” exists already but has got the wrong API Server URL

Below the kubeadm-config.yaml file I am using in the kb8-master2

apiVersion: kubeadm.k8s.io/v1alpha3
kind: InitConfiguration
kubernetesVersion: v1.12.2
apiServerCertSANs:
- “10.240.0.16”
controlPlaneEndpoint: “10.240.0.16:6443”
etcd:
_ local:_
_ extraArgs:_
_ listen-client-urls: “protocol://127.0.0.1:2379,protocol://10.240.0.33:2379”_
_ advertise-client-urls: “protocol://10.240.0.33:2379”_
_ listen-peer-urls: “protocol://10.240.0.33:2380”_
_ initial-advertise-peer-urls: “protocol://10.240.0.33:2380”_
_ initial-cluster: “kb8-master1=protocol://10.240.0.4:2380,kb8-master2=protocol://10.240.0.33:2380”_
_ initial-cluster-state: existing_
_ serverCertSANs:_
_ - kb8-master2_
_ - 10.240.0.33_
_ peerCertSANs:_
_ - kb8-master2_
_ - 10.240.0.33_
networking:
_ # This CIDR is a Calico default. Substitute or remove for your CNI provider._
_ podSubnet: “10.244.0.0/16”_

Have anyone faced the same issue. I am completely got stuck here

Note: I have replaced https:// with protocol:// and I have not used links