kubectl get commands result in
Error from server (InternalError): an error on the server ("") has prevented the request from succeeding
kubelet does not look happy, from messages on control node 3
Dec 1 02:51:53 paws-k8s-control-3 kubelet[30184]: E1201 02:51:53.900701 30184 controller.go:144] failed to ensure lease exists, will retry in 7s, error: Get "https://k8s.svc.paws.eqiad1.wikimedia.cloud:6443/apis/coordination.k8s.io/v1/namespaces/kube-node-lease/leases/paws-k8s-control-3?timeout=10s": context deadline exceeded Dec 1 02:51:56 paws-k8s-control-3 kubelet[30184]: E1201 02:51:56.131023 30184 reflector.go:138] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:66: Failed to watch *v1.Pod: failed to list *v1.Pod: an error on the server ("") has prevented the request from succeeding (get pods) Dec 1 02:51:58 paws-k8s-control-3 kubelet[30184]: E1201 02:51:58.116085 30184 kubelet_node_status.go:470] "Error updating node status, will retry" err="error getting node \"paws-k8s-control-3\": Get \"https://k8s.svc.paws.eqiad1.wikimedia.cloud:6443/api/v1/nodes/paws-k8s-control-3?timeout=10s\": context deadline exceeded"
HA proxy nodes do seem to be routing connections
tcp TIME-WAIT 0 0 172.16.1.171:6443 172.16.1.180:50340 tcp TIME-WAIT 0 0 172.16.1.171:6443 172.16.1.99:34992 tcp TIME-WAIT 0 0 172.16.1.171:6443 172.16.1.180:54744 tcp TIME-WAIT 0 0 172.16.1.171:6443 172.16.1.99:35952 tcp TIME-WAIT 0 0 172.16.1.171:6443 172.16.1.34:49474
cert seems alright
$ openssl s_client -servername paws.wmcloud.org -connect paws.wmcloud.org:443 2>/dev/null | openssl x509 -noout -dates notBefore=Nov 18 12:03:13 2022 GMT notAfter=Feb 16 12:03:12 2023 GMT