[SOLVED] X509 Certificate Error

Dear all,

I do have a 4 node microk8s cluster running (Raspi Pi4, 4 GB, HA-Cluster: disabled v1.20/stable) but one node cannot launch containers, it always throws the following error:

Warning FailedCreatePodSandBox 26s kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox “825089f6699e74a2a7bd76166a8088254faf3522fde4bc9b8b0e871d2459c745”: error getting ClusterInformation: Get https://[10.152.183.1]:443/apis/crd.projectcalico.org/v1/clusterinformations/default: x509: certificate signed by unknown authority (possibly because of “crypto/rsa: verification error” while trying to verify candidate authority certificate “10.152.183.1”)

I have tried to update my ~/.kube/config file already as I saw this was helping others, but no luck. I wiped microk8s via snap, rebuild the whole cluster but this issue keeps reocurring and always with the same node2. Thus, I suspect it is something related to node2.

Thx for help!

JF

Hi, the error is strange, you mentioned that the HA is disabled, which means calico should be replaced with flannel.
The error seems to suggest that there’s still some calico stuffs in there.
Is there a way for you to take the inspect tarball on node2? Then create an issue in github and attach the tarball?

Thanks again for using MicroK8s.

Hi Balchua,

thank you for the hint! That is the difference. I ran microk8s inspect on node2 and two issues are identified: flanneld and etc are not running.

I am checking on my end again if I made a mistake - despite I am sure I deactivated HA prior joining the node into the cluster.

Will post an udpate here once done (performance wise things take pretty long on the Raspi since except for the master the others still run on a class10 SD-card) :stuck_out_tongue:

Thx again for the great work on MicroK8S!
Jens

Hi again,

ok something went obviously wrong when disabling the HA_Cluster. While microk8s status confirmed it disabled, flannel and etcd where not running.

To fix the issue I ran “sudo snap remove microk8s --purge” then reinstalled it.

Additionally I still had a hung attempt to install the ingress controller for node2 and I had to run “microk8s disable ingress” followed by a “microk8s enable ingress” to get everything to work.

Thx
Jens