From b7b8a8d8fa6335d3f0036c50792971adefe5e240 Mon Sep 17 00:00:00 2001 From: Artem Chernyshev Date: Sat, 4 May 2024 11:36:12 +0300 Subject: [PATCH] docs: add logs example for the certificate errors troubleshooting Should simplify the search of this error over the Internet. Signed-off-by: Artem Chernyshev --- website/content/v1.7/introduction/troubleshooting.md | 6 ++++++ website/content/v1.8/introduction/troubleshooting.md | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/website/content/v1.7/introduction/troubleshooting.md b/website/content/v1.7/introduction/troubleshooting.md index 02601330a9..12d2cda976 100644 --- a/website/content/v1.7/introduction/troubleshooting.md +++ b/website/content/v1.7/introduction/troubleshooting.md @@ -226,6 +226,12 @@ Remove the node from Kubernetes with `kubectl delete node `. This error might appear during initial cluster bootstrap, and it will go away once the Kubernetes API server is up and the node is registered. +The example of Talos logs: + +```bash +[talos] controller failed {"component": "controller-runtime", "controller": "k8s.KubeletStaticPodController", "error": "error refreshing pod status: error fetching pod status: Get \"https://127.0.0.1:10250/pods/?timeout=30s\": remote error: tls: internal error"} +``` + By default configuration, `kubelet` issues a self-signed server certificate, but when `rotate-server-certificates` feature is enabled, `kubelet` issues its certificate using `kube-apiserver`. Make sure the `kubelet` CSR is approved by the Kubernetes API server. diff --git a/website/content/v1.8/introduction/troubleshooting.md b/website/content/v1.8/introduction/troubleshooting.md index 02601330a9..12d2cda976 100644 --- a/website/content/v1.8/introduction/troubleshooting.md +++ b/website/content/v1.8/introduction/troubleshooting.md @@ -226,6 +226,12 @@ Remove the node from Kubernetes with `kubectl delete node `. This error might appear during initial cluster bootstrap, and it will go away once the Kubernetes API server is up and the node is registered. +The example of Talos logs: + +```bash +[talos] controller failed {"component": "controller-runtime", "controller": "k8s.KubeletStaticPodController", "error": "error refreshing pod status: error fetching pod status: Get \"https://127.0.0.1:10250/pods/?timeout=30s\": remote error: tls: internal error"} +``` + By default configuration, `kubelet` issues a self-signed server certificate, but when `rotate-server-certificates` feature is enabled, `kubelet` issues its certificate using `kube-apiserver`. Make sure the `kubelet` CSR is approved by the Kubernetes API server.