Join Worker node to Cluster LAB3.2

shasha

after create Master node i ried to join worker as LAB 3-2
but at first i got error in master node when create token >>
ubuntu@master1:~$ sudo kubeadm token create
W0227 10:04:00.245854 2413218 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
xisoy4.d78xicc64gf0b6bj

ubuntu@master1:~$ sudo kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
l7m6it.m9e7favj9hyhjq2u 23h 2021-02-28T09:23:13Z authentication,signing system:bootstrappers:kubeadm:

and then in worker Node i got this >>>

root@worker1:~# kubeadm join --token l7m6it.m9e7favj9hyhjq2u k8smaster:6443 --discovery-token-ca-cert-hash sha256:9aef1fe46c897cbb11bb5ecfe607080ea3167e7e316c8ecad676dd64813e0b30

error execution phase preflight: couldn't validate the identity of the API Server: could not find a JWS signature in the cluster-info ConfigMap for token ID "l7m6it"
To see the stack trace of this error execute with --v=5 or higher

what is my problem ???

chrispokorni

Hi @shasha,

You could try the join instead with the newly created token xisoy4.d78xicc64gf0b6bj or you could try another command on your master node: sudo kubeadm token create --print-join-command, which generates the entire join command with all flags and parameters, that you can copy on to the worker node. As before, I would recommend cleaning up your worker with a sudo kubeadm reset command before running the new join.

Regards,
-Chris

gaurav4978

Hi @chrispokorni
I am trying to join the worker node and seeing an error which I could not figure out why.

I did below in cp node:

sudo kubeadm token create
3vl8wq.80syie5oaboln2se
gazmaster@cp:~$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/ˆ.* //'
(stdin)= 6a32b58cddba64b7745a30db124412f65f3980d476279add28a5d572960ef2bf

Now in worker node, I ran join command:

kubeadm join --token 3vl8wq.80syie5oaboln2se 10.211.55.10:6443 --discovery-token-ca-cert-hash sha256:6a32b58cddba64b7745a30db124412f65f3980d476279add28a5d572960ef2bf
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
error execution phase preflight: unable to fetch the kubeadm-config ConfigMap: failed to get config map: Get "https://k8scp:6443/api/v1/namespaces/kube-system/configmaps/kubeadm-config?timeout=10s": dial tcp: lookup k8scp on 127.0.0.53:53: server misbehaving
To see the stack trace of this error execute with --v=5 or higher

When I look into kubeadm-config -o yaml file I see below which looks alright except it is missing 'safeLink' field:

kubectl -n kube-system get cm kubeadm-config -oyaml
apiVersion: v1
data:
ClusterConfiguration: |
apiServer:
extraArgs:
authorization-mode: Node,RBAC
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: k8scp:6443
controllerManager: {}
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.21.1
networking:
dnsDomain: cluster.local
podSubnet: 192.168.0.0/16
serviceSubnet: 10.96.0.0/12
scheduler: {}
ClusterStatus: |
apiEndpoints:
cp:
advertiseAddress: 10.211.55.10
bindPort: 6443
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterStatus
kind: ConfigMap
metadata:
creationTimestamp: "2021-10-05T12:48:06Z"
name: kubeadm-config
namespace: kube-system
resourceVersion: "214"
uid: 0ed355d6-bf6e-4e5c-bf98-ce513cb938d2

Do you reckon 'safeLink' needs to be in there? Any help would be appreciated!

Thanks,

Gaurav

chrispokorni

Hi @gaurav4978,

I would recommend following the installation steps found in the lab guide, and use the k8scp control-plane node alias for the cluster init and join commands, as it prepares the cluster for later exercises.

Regards,
-Chris

gaurav4978

Thanks Chris!

I did test with k8scp as an alias for control-plane but did not work and tried few times same result. And started to try to use IP instead and little different error. Was trying this for last few days and finally was able to pin point my type for the IP address...