abundant-hair-58573
01/12/2023, 3:22 PM
creamy-architect-7387
01/12/2023, 11:57 PM
abundant-hair-58573
01/13/2023, 1:03 AM
aws ec2 describe-instances from the controlplane itself, it's just the kubelet pod that's in a crash loop. I'm not in the office so I don't have the exact error, but it was basically trying to do a health check of itself, grabbing the ec2 instance id from the metadata server on the localhost, and then trying to do a describe instances to verify itself... I think. It sounds similar to what this person ran into here except we aren't using a proxy, we're in a completely air-gapped environment. It's basically this error, but the url is our air-gapped ec2 url
I0609 20:43:31.841214 8058 aws.go:1180] Zone not specified in configuration file; querying AWS metadata service
F0609 20:43:33.365708 8058 server.go:273] failed to run Kubelet: could not init cloud provider "aws": error finding instance i-4324dfsdfdfd432a: "error listing AWS instances: \"RequestError: send request failed\\ncaused by: Post <https://ec2.us-east-1.amazonaws.com/>: x509: certificate signed by unknown authority\""
/etc/ssl/certs but I noticed there's a separate kube-ca.pem in /etc/kubernetes/ssl. Maybe it's trying to use the kube-ca.pem?