OPERATIONAL DEFECT DATABASE
...
...
Running the command 'kubectl get nodes -o wide' shows that the current node is in a NotReady state: NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIMEvra.corp.local NotReady master 17h v1.14.6 192.68.3.4 <none> VMware Photon OS/Linux 4.9.214-1.ph2 docker://18.9.9 Running the command 'journalctl -u kubelet --since="30min"' shows errors similar to: Jul 29 07:02:58 vra.corp.local kubelet[3461]: E0729 07:02:58.322582 3461 webhook.go:107] Failed to make webhook authenticator request: Post https://vra-k8s.local:6443/apis/authentication.k8s.io/v1beta1/tokenreviews: wri Jul 29 07:02:58 vra.corp.local kubelet[3461]: E0729 07:02:58.322623 3461 server.go:245] Unable to authenticate the request due to an error: Post https://vra-k8s.local:6443/apis/authentication.k8s.io/v1beta1/tokenreviews 'vracli cluster exec -- bash -c 'current_node'' cannot complete successfully with authentication error: executing bash on prelude-noop-extnet-ds-rnb9s failed: b'error: unable to upgrade connection: Authorization error (user=kube-apiserver-kubelet-client, verb=create, resource=nodes, subresource=proxy)\n'
Due to problems with automatic certificate renewal, the kubelet service may not be able to reach the Kubernetes API Server.
This issue is resolved in vRealize Automation (vRA) 8.1 P3 and vRealize Orchestrator (vRO) 8.1 P3 or later.
To workaround this issue, restart the kubelet service by performing the following: Open a console or SSH terminal to the vRA or vRO node.Run the command: 'systemctl restart kubelet'After 5 minutes, run the command 'vracli cluster exec -- bash -c 'current_node'' command to confirm the results. The host name of the current node should be printed successfully.
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
