lab 2.2 Cannot make worker connect to CP

blaket

After having run the k8scp.sh file on the worker node, I get an output of:
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
[ERROR Port-10250]: Port 10250 is in use
[ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
Is anyone familiar with this problem, or would anyone know what I can do to fix/troubleshoot this problem??

chrispokorni

Hi @blaket,

On the worker node please run sudo kubeadm reset then attempt to run the k8sWorker.sh script.

Regards,
-Chris

blaket

I see, I ran the k8scp.sh script when I should have run the k8sWorker.sh script. Thank you!
the sudo kubeadm reset command allowed me to run the k8sWorker.sh script, but when trying to use the join command, I still got the error messages above.
I just terminated the EC2 instance and started over from scratch

blaket

@chrispokorni
After having done that, when I run the join command, it seems to be stuck after outputting:
[preflight] Running pre-flight checks

Do you have any suggestions of things I could do to troubleshoot this?

blaket

Actually I can see that it timed out now with a message of:
error execution phase preflight: couldn't validate the identity of the API Server: Get "https://172.31.39.184:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
To see the stack trace of this error execute with --v=5 or higher

chrispokorni

Hi @blaket,

Please make sure your VPC and SG are configured according to the demo video from the introductory chapter tailored to your cloud provider - that should fix any timeouts.

Regards,
-Chris

blaket

Ok, I found that I just had to edit the inbound/outbound rules for the CP machine to allow all https traffic, and then it worked.

gjclark

@blaket said:
I see, I ran the k8scp.sh script when I should have run the k8sWorker.sh script. Thank you!

I did this too!

quachout

@blaket how did you edit the inbound/outbound rules for the CP machine to allow https traffic? When I go to the CP instance > Security, i don't see any options to edit it. For Inbound rules my Port range is 22, my Protocol is TC, and Source is 0.0.0.0/0. For Outbound rules my Port Range is All, Protocol is All, and Destination is 0.0.0.0/0

chrispokorni

Hi @quachout,

Thank you for sharing key config details of your SG.

It seems the Inbound rule is blocking all necessary traffic for the cluster.
Please review the demo video from the introductory chapter on setting up the AWS infrastructure to learn how to correctly configure the Inbound SG rule.

Regards,
-Chris

quachout

@chrispokorni Hi Chris, thanks for getting back to me so fast. AHHH that was my fault, took me some time to figure out how to configure it correctly. Thanks!

zite

Hi, I'm having trouble executing the join command from worker. I have only new GUI in AWS and I might not configured the SG with correct rule.
Can someone help with new GUI of AWS?

chrispokorni

Hi @zite,

You should start by completing the previous panels - Name, AMI, Type, Key pair.

Then in the "Network settings" panel click on "Edit" to allow you to select the desired VPC, Enable the Auto-assign public IP, select "Create security group", fill in the name and description, Type - All traffic, Protocol - All, Port range - All, Source - Anywhere, fill in Description, click on "Add security group rule".

Then continue with following panels as necessary.

Regards,
-Chris