cluster-api: [clusterctl] move to target cluster fails at init step
What steps did you take and what happened: [A clear and concise description on how to REPRODUCE the bug.]
target cluster is ready:
kubectl --kubeconfig=./capi-quickstart.kubeconfig get nodes
NAME STATUS ROLES AGE VERSION
capi-quickstart-2-control-plane-mnldn Ready master 12m v1.17.3
capi-quickstart-2-control-plane-vjnnr Ready master 8m50s v1.17.3
capi-quickstart-2-control-plane-vqc22 Ready master 10m v1.17.3
capi-quickstart-2-md-0-99ms5 Ready <none> 10m v1.17.3
capi-quickstart-2-md-0-99nzj Ready <none> 9m55s v1.17.3
capi-quickstart-2-md-0-rt4wr Ready <none> 9m54s v1.17.3
Follow the instructions at https://cluster-api.sigs.k8s.io/clusterctl/commands/move.html#pivot
clusterctl --kubeconfig=./capi-quickstart.kubeconfig init
Fetching providers
Installing Provider="cluster-api" Version="v0.3.1" TargetNamespace="capi-system"
Error: action failed after 3 attempts: failed to create provider object cert-manager.io/v1alpha2, Kind=Certificate, capi-webhook-system/capi-serving-cert: Internal error occurred: failed calling webhook "webhook.cert-manager.io": the server is currently unable to handle the request
What did you expect to happen:
Anything else you would like to add: [Miscellaneous information that will assist in solving the issue.]
Environment:
- Cluster-api version:
- Minikube/KIND version:
- Kubernetes version: (use
kubectl version): - OS (e.g. from
/etc/os-release):
/kind bug
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 16 (16 by maintainers)
@fabriziopandini see the very last line in my previous comment. I did check the API service and it was indeed not available. I suspect it has something to do with the default capz security group not allowing port 443 traffic. I’ll give changing the NSG a try today.
Should we maybe add a check to make sure a CNI has been installed, maybe we could check if the nodes are in a
Readystate?