You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running a microk8s join command on a node with a long hostname I run into the following error
Contacting cluster at 198.22.255.24
Traceback (most recent call last):
File "/snap/microk8s/5891/scripts/wrappers/join.py", line 1033, in <module>
join(prog_name="microk8s join")
File "/snap/microk8s/5891/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/snap/microk8s/5891/usr/lib/python3/dist-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/snap/microk8s/5891/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/snap/microk8s/5891/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/snap/microk8s/5891/scripts/wrappers/join.py", line 1024, in join
join_dqlite(connection_parts, verify, worker)
File "/snap/microk8s/5891/scripts/wrappers/join.py", line 783, in join_dqlite
join_dqlite_worker_node(info, master_ip, master_port, token)
File "/snap/microk8s/5891/scripts/wrappers/join.py", line 851, in join_dqlite_worker_node
update_cert_auth_kubelet(token, info["ca"], master_ip, master_port)
File "/snap/microk8s/5891/scripts/wrappers/join.py", line 460, in update_cert_auth_kubelet
cert = get_client_cert(
File "/snap/microk8s/5891/scripts/wrappers/join.py", line 281, in get_client_cert
subprocess.check_call(cmd_cert.split(), stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
File "/snap/microk8s/5891/usr/lib/python3.8/subprocess.py", line 364, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/snap/microk8s/5891/usr/bin/openssl', 'req', '-new', '-sha256', '-key', '/var/snap/microk8s/current/certs/kubelet.key', '-out', '/var/snap/microk8s/current/certs/kubelet.csr', '-subj', '/CN=system:node:node2.cskama-171507.advosuwmadison-pg0.cloudlab.umass.edu/O=system:nodes']' returned non-zero exit status 1.
Running the openssl command manually reveals the problem
microk8s should not put the entire hostname into the CN field. They cannot be longer than 64 characters per the ASN1 standard. See for example this answer on StackOverflow.
The text was updated successfully, but these errors were encountered:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
When running a
microk8s join
command on a node with a long hostname I run into the following errorRunning the openssl command manually reveals the problem
microk8s should not put the entire hostname into the CN field. They cannot be longer than 64 characters per the ASN1 standard. See for example this answer on StackOverflow.
The text was updated successfully, but these errors were encountered: