colossal-machine-43699
10/27/2022, 8:31 PME1027 20:24:29.009588 1 controller.go:317] controller/kubeadmcontrolplane "msg"="Reconciler error" "error"="failed to create remote cluster client: error creating client and cache for remote cluster: error creating dynamic rest mapper for remote cluster \"default/my-cluster\": Get \"<https://10.84.81.6:6443/api?timeout=10s>\": x509: certificate signed by unknown authority" "name"="my-cluster" "namespace"="default" "reconciler group"="<http://controlplane.cluster.x-k8s.io|controlplane.cluster.x-k8s.io>" "reconciler kind"="KubeadmControlPlane"
The self-signed root is mounted via the standard kube-root-ca.crt
configmap.
Volumes: │
│ cert: │
│ Type: Secret (a volume populated by a Secret) │
│ SecretName: capi-kubeadm-control-plane-webhook-service-cert │
│ Optional: false │
│ kube-api-access-zn7qg: │
│ Type: Projected (a volume that contains injected data from multiple sources) │
│ TokenExpirationSeconds: 3607 │
│ ConfigMapName: kube-root-ca.crt │
│ ConfigMapOptional: <nil> │
│ DownwardAPI: true │
│ QoS Class: BestEffort │
│ Node-Selectors: <none> │
│ Tolerations: <http://node-role.kubernetes.io/control-plane:NoSchedule|node-role.kubernetes.io/control-plane:NoSchedule> │
│ <http://node-role.kubernetes.io/master:NoSchedule|node-role.kubernetes.io/master:NoSchedule> │
│ <http://node.kubernetes.io/not-ready:NoExecute|node.kubernetes.io/not-ready:NoExecute> op=Exists for 300s │
│ <http://node.kubernetes.io/unreachable:NoExecute|node.kubernetes.io/unreachable:NoExecute> op=Exists for 300s
But kube-api-access doesn't seem to make use of it.