-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fails with -extra-config=apiserver.authorization-mode=RBAC and audit logging: timed out waiting for kube-proxy #2934
Comments
I have the exact same problem. Minikube version: v0.28.0 With Using "Minimal policy file" here: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
Comparing working log with failing log (same command), i have those lines in the failing one:
Note: I try to follow a course here: https://www.udemy.com/kubernetes-from-a-devops-kubernetes-guru/ |
Thanks. Hopefully it gets merged for next version. never tryed to build minikube "yet" to test PR. |
@kairen how did you manage to place the audit file in I see this in logs:
|
Probably a dupe of #2852 - please re-open if not. |
BUG REPORT
Environment:
Minikube version (use
minikube version
): v0.28.0cat ~/.minikube/machines/minikube/config.json | grep DriverName
): VirtualBox 5.2.12 r122591 (Qt5.6.3)cat ~/.minikube/machines/minikube/config.json | grep -i ISO
orminikube ssh cat /etc/VERSION
): Boot2DockerURL": "file:///Users/123456/.minikube/cache/iso/minikube-v0.28.0.isominikube.log
What happened:
When I try to start minikube using one of these commands:
minikube start --extra-config=apiserver.Authorization.Mode=RBAC --extra-config=apiserver.Audit.LogOptions.Path=/var/log/audit.log --extra-config=apiserver.Audit.PolicyFile=/etc/kubernetes/addons/audit-policy.yaml
or
minikube start --extra-config=apiserver.authorization-mode=RBAC --extra-config=apiserver.audit-log-path=/var/log/audit.log --extra-config=apiserver.audit-policy-file=/etc/kubernetes/addons/audit-policy.yaml
The content of audit-policy.yaml being:
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
- level: Metadata
it's end up by hanging the minikube in the line:
Starting cluster components...
and in the end I get this error:E0625 21:34:15.410946 54396 start.go:299] Error restarting cluster: restarting kube-proxy: waiting for kube-proxy to be up for configmap update: timed out waiting for the condition
What you expected to happen: to start minikube with the audit logging
How to reproduce it (as minimally and precisely as possible): stop the minikube and start it using one of the above commands.
Output of
minikube logs
(if applicable): minikube.logThe text was updated successfully, but these errors were encountered: