Welcome to the Linux Foundation Forum!

Join Worker node to Cluster LAB3.2

after create Master node i ried to join worker as LAB 3-2
but at first i got error in master node when create token >>
ubuntu@master1:~$ sudo kubeadm token create
W0227 10:04:00.245854 2413218 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
xisoy4.d78xicc64gf0b6bj

ubuntu@master1:~$ sudo kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
l7m6it.m9e7favj9hyhjq2u 23h 2021-02-28T09:23:13Z authentication,signing system:bootstrappers:kubeadm:

and then in worker Node i got this >>>

root@worker1:~# kubeadm join --token l7m6it.m9e7favj9hyhjq2u k8smaster:6443 --discovery-token-ca-cert-hash sha256:9aef1fe46c897cbb11bb5ecfe607080ea3167e7e316c8ecad676dd64813e0b30

error execution phase preflight: couldn't validate the identity of the API Server: could not find a JWS signature in the cluster-info ConfigMap for token ID "l7m6it"
To see the stack trace of this error execute with --v=5 or higher

what is my problem ???

Best Answer

  • chrispokorni
    chrispokorni Posts: 2,372
    Answer ✓

    Hi @shasha,

    You could try the join instead with the newly created token xisoy4.d78xicc64gf0b6bj or you could try another command on your master node: sudo kubeadm token create --print-join-command, which generates the entire join command with all flags and parameters, that you can copy on to the worker node. As before, I would recommend cleaning up your worker with a sudo kubeadm reset command before running the new join.

    Regards,
    -Chris

Answers

  • Hi @chrispokorni
    I am trying to join the worker node and seeing an error which I could not figure out why.

    I did below in cp node:

    sudo kubeadm token create
    3vl8wq.80syie5oaboln2se
    gazmaster@cp:~$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/ˆ.* //'
    (stdin)= 6a32b58cddba64b7745a30db124412f65f3980d476279add28a5d572960ef2bf

    Now in worker node, I ran join command:

    kubeadm join --token 3vl8wq.80syie5oaboln2se 10.211.55.10:6443 --discovery-token-ca-cert-hash sha256:6a32b58cddba64b7745a30db124412f65f3980d476279add28a5d572960ef2bf
    [preflight] Running pre-flight checks
    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
    [preflight] Reading configuration from the cluster...
    [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
    error execution phase preflight: unable to fetch the kubeadm-config ConfigMap: failed to get config map: Get "https://k8scp:6443/api/v1/namespaces/kube-system/configmaps/kubeadm-config?timeout=10s": dial tcp: lookup k8scp on 127.0.0.53:53: server misbehaving
    To see the stack trace of this error execute with --v=5 or higher

    When I look into kubeadm-config -o yaml file I see below which looks alright except it is missing 'safeLink' field:

    kubectl -n kube-system get cm kubeadm-config -oyaml
    apiVersion: v1
    data:
    ClusterConfiguration: |
    apiServer:
    extraArgs:
    authorization-mode: Node,RBAC
    timeoutForControlPlane: 4m0s
    apiVersion: kubeadm.k8s.io/v1beta2
    certificatesDir: /etc/kubernetes/pki
    clusterName: kubernetes
    controlPlaneEndpoint: k8scp:6443
    controllerManager: {}
    dns:
    type: CoreDNS
    etcd:
    local:
    dataDir: /var/lib/etcd
    imageRepository: k8s.gcr.io
    kind: ClusterConfiguration
    kubernetesVersion: v1.21.1
    networking:
    dnsDomain: cluster.local
    podSubnet: 192.168.0.0/16
    serviceSubnet: 10.96.0.0/12
    scheduler: {}
    ClusterStatus: |
    apiEndpoints:
    cp:
    advertiseAddress: 10.211.55.10
    bindPort: 6443
    apiVersion: kubeadm.k8s.io/v1beta2
    kind: ClusterStatus
    kind: ConfigMap
    metadata:
    creationTimestamp: "2021-10-05T12:48:06Z"
    name: kubeadm-config
    namespace: kube-system
    resourceVersion: "214"
    uid: 0ed355d6-bf6e-4e5c-bf98-ce513cb938d2

    Do you reckon 'safeLink' needs to be in there? Any help would be appreciated!

    Thanks,

    Gaurav

  • chrispokorni
    chrispokorni Posts: 2,372

    Hi @gaurav4978,

    I would recommend following the installation steps found in the lab guide, and use the k8scp control-plane node alias for the cluster init and join commands, as it prepares the cluster for later exercises.

    Regards,
    -Chris

  • Thanks Chris!

    I did test with k8scp as an alias for control-plane but did not work and tried few times same result. And started to try to use IP instead and little different error. Was trying this for last few days and finally was able to pin point my type for the IP address...

Categories

Upcoming Training