After setting up the Kubernetes cluster as described in this guide, I tried to validate it against the “CNCF K8s Conformance Tests”.
The easiest and standard tool to do that is Heptio’s Sonobuoy. Head to the “Sonobuoy Scanner tool” website, click on “Scan your cluster”, copy the generated kubectl command and run it on your cluster.
Unfortunately the result was not the one I was expecting 😞
The first runs were timing out, so I added more resources to my VMs and finally changed the timeout parameter in the downloaded Sonobuoy YAML file, which led me to this result:
After some long investigation I found out that those failures were “just” due to the fact that the kube-apiserver running on the master nodes was not able to access the pod and service networks.
The only way I found to fix this is to set up kube-proxy on the master nodes so that the Weave DaemonSet will launch a Weave pod on your master. After that, your master nodes will be able to access the pod and service networks. After that, the Sonobuoy results were OK:
To prevent regular pods from being scheduled on the control plane nodes, I set up taints on those nodes and added a toleration to the Weave DaemonSet so that only this pod will eventually run on the master nodes.
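
The taint and toleration pairing described above can be checked with the matching rule the scheduler applies. This is an added example, not code from the original post; the taint key `node-role.kubernetes.io/master` and both pod specs are assumptions, since the post does not show the manifests.

```python
# Assumed taint on each control plane node (the post does not name the key).
MASTER_TAINTS = [
    {"key": "node-role.kubernetes.io/master", "value": "", "effect": "NoSchedule"},
]

# Constructed pod specs: the Weave DaemonSet pod with the added toleration,
# and an ordinary workload pod without any toleration.
WEAVE_POD = {"tolerations": [
    {"key": "node-role.kubernetes.io/master", "operator": "Exists", "effect": "NoSchedule"},
]}
REGULAR_POD = {"tolerations": []}


def tolerates(toleration, taint):
    """True if one toleration matches one taint (Kubernetes matching rules)."""
    # An empty effect in the toleration matches every taint effect.
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    # An empty key in the toleration matches every taint key.
    if toleration.get("key") and toleration["key"] != taint["key"]:
        return False
    operator = toleration.get("operator") or "Equal"  # Equal is the default
    if operator == "Exists":
        return True
    if operator == "Equal":
        return toleration.get("value", "") == taint.get("value", "")
    return False


def untolerated_taints(pod, taints):
    """Hard taints (NoSchedule, NoExecute) that no toleration of the pod matches."""
    hard = [t for t in taints if t["effect"] in ("NoSchedule", "NoExecute")]
    return [t for t in hard
            if not any(tolerates(tol, t) for tol in pod.get("tolerations", []))]


def can_schedule(pod, taints):
    """A pod may be placed on a node only if every hard taint is tolerated."""
    return not untolerated_taints(pod, taints)


if __name__ == "__main__":
    for name, pod in (("weave", WEAVE_POD), ("regular", REGULAR_POD)):
        print(name, "schedulable on master:", can_schedule(pod, MASTER_TAINTS))
```

A toleration that sets only `operator: Exists` matches every taint, so any workload carrying one can still land on the control plane nodes; it is worth checking manifests for it.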