I am new to Kubernetes and want to set up a Kubernetes HA cluster after successfully completing examples with minikube and a single-master Kubernetes cluster. I am using AWS EC2 instances and an AWS Application Load Balancer for this purpose. I don't want to use kops or any other tool for installation. I want to get hands-on with kubeadm. I followed the steps below:
- Created a self-signed certificate ca.crt and ca.key to use for Kubernetes
- Installed this certificate as a root CA on my Ubuntu instance
- Copied this ca.crt and ca.key to /etc/kubernetes/pki
- Created a new certificate for the AWS load balancer and signed it with the above ca.crt. With this certificate, created the AWS Application Load Balancer
- I also created a Record Set in AWS Route53 for domain name mapping. I also made sure this domain name mapping is working (i.e. master.k8sonaws.com is properly resolving to the AWS load balancer)
Now I am using kubeadm init:
kubeadm init --pod-network-cidr=192.168.0.0/20 --service-cidr=192.168.16.0/20 --node-name=10.0.0.13 --control-plane-endpoint "master.k8sonaws.com:443" --upload-certs --v=8 --apiserver-bind-port=443 --apiserver-cert-extra-sans=master.k8sonaws.com,i-0836dd4dc6609a924
This command succeeds up to the upload-config phase. The health check endpoint returns success, but after that it fails in the upload-config phase:
configmaps is forbidden: User "system:anonymous" cannot create resource "configmaps" in API group "" in the namespace "kube-system"
Here I am not able to understand why kubeadm is passing an anonymous user for the API call. How can I resolve this issue?