Krustlet Bootstrapping to Microk8s

[lafronzt]

Hello All,

I have tried everything, and I can't figure this issue out. I am currently running a 4-node Microk8s cluster, and I am looking to add a Krustlet-only node to the cluster. However, I keep running into an issue; any pointers or help would be greatly appreciated.

Setup:

• Microk8s in a HA cluster setup with 2 nodes on AMD64 and 2 nodes on ARM64
  • DNS entries point to all 4 nodes, as they are all control plane and worker nodes.
  • Snap install version v1.15.3
  • OS: Ubuntu 20.04.5 LTS
• The Problem Child: New AMD64 node (supposed to be Krustlet only)
  • Static IP is set
  • DNS entry is set
  • OS: Ubuntu 20.04.5 LTS

Error Output:

RUST_LOG=debug krustlet-wasi --hostname="krustlet" --node-ip=10.0.10.112 --bootstrap-file=${HOME}/.krustlet/config/bootstrap.conf
Nov 01 01:50:50.600 DEBUG kubelet::bootstrapping: Starting bootstrap config.node_name=krustlet
Nov 01 01:50:50.600 DEBUG bootstrap_auth: kubelet::bootstrapping: Found existing kubeconfig, loading...
Nov 01 01:50:50.602 DEBUG bootstrap_auth: kube::config: failed to load client identity from kubeconfig: Error loading kubeconfig: Failed to get data/file with base64 format
Nov 01 01:50:50.602 DEBUG bootstrap_tls: kubelet::bootstrapping: Starting bootstrap of TLS serving certs
Nov 01 01:50:50.617 DEBUG bootstrap_tls: tower::buffer::worker: service.ready=true processing request
Nov 01 01:50:50.617 DEBUG bootstrap_tls:HTTP{http.method=POST http.url=https://<control-plane>.net:16443/apis/certificates.k8s.io/v1beta1/certificatesigningrequests? otel.name="create" otel.kind="client"}: kube::client: requesting
Nov 01 01:50:50.618 DEBUG hyper::client::connect::dns: resolving host="<control-plane>.net"
Nov 01 01:50:50.623 DEBUG bootstrap_tls:HTTP{http.method=POST http.url=https://<control-plane>.net:16443/apis/certificates.k8s.io/v1beta1/certificatesigningrequests? otel.name="create" otel.kind="client"}: hyper::client::connect::http: connecting to 10.0.10.58:16443
Nov 01 01:50:50.624 DEBUG bootstrap_tls:HTTP{http.method=POST http.url=https://<control-plane>.net:16443/apis/certificates.k8s.io/v1beta1/certificatesigningrequests? otel.name="create" otel.kind="client"}: hyper::client::connect::http: connected to 10.0.10.58:16443
Nov 01 01:50:50.630 ERROR bootstrap_tls:HTTP{http.method=POST http.url=https://<control-plane>.net:16443/apis/certificates.k8s.io/v1beta1/certificatesigningrequests? otel.name="create" otel.kind="client" otel.status_code="ERROR"}: kube::client: failed with error error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1913: (unable to get local issuer certificate)
Error: HyperError: error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1913: (unable to get local issuer certificate)

Caused by:
    0: error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1913: (unable to get local issuer certificate)
    1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1913: (unable to get local issuer certificate)
    2: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1913:

kubectl version
Client Version: v1.25.3
Kustomize Version: v4.5.7
Server Version: v1.25.3

krustlet-wasi --version
krustlet 1.0.0-alpha.1