Build are failing and nodes returns "no serving certificate available for the kubelet" in OCP 3
Environment
- Red Hat OpenShift Container Platform (OCP)
- 3.11
- 3.1
Issue
- Failing builds
- Multiple OpenShift client commands (
oc logsandoc rsh) are failing with:
'Error from server: Get https://master.example.com:10250/containerLogs/kube-system/master.example.com/api: remote error: tls: internal error
- OpenShift node logs show repeating error:
atomic-openshift-node[7122]: I0228 20:08:05.039291 7122 logs.go:49] http: TLS handshake error from 192.168.14.2:47808: no serving certificate available for the kubelet
- Unable to handle requests
$ for i in `oc get nodes -o jsonpath=$'{range .items[*]}{.metadata.name}\n{end}'`; do oc get --raw /api/v1/nodes/$i/proxy/healthz; echo -e "\t$i"; done
Error from server (ServiceUnavailable): the server is currently unable to handle the request
Resolution
In case of errors as Error from server (ServiceUnavailable): the server is currently unable to handle the request
-
Make sure that there are no certificates pending approval with command
$ oc get csr | head.-
If yes, approve them and the nodes should be back communicate to each other again:
$ oc adm certificate approve
-
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments