Welcome to the Linux Foundation Forum!

lab 2.2 Cannot make worker connect to CP

After having run the k8scp.sh file on the worker node, I get an output of:
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
[ERROR Port-10250]: Port 10250 is in use
[ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
Is anyone familiar with this problem, or would anyone know what I can do to fix/troubleshoot this problem??

Comments

  • chrispokorni

    Hi @blaket,

    On the worker node please run sudo kubeadm reset then attempt to run the k8sWorker.sh script.

    Regards,
    -Chris

  • blaket
    blaket Posts: 10

    I see, I ran the k8scp.sh script when I should have run the k8sWorker.sh script. Thank you!
    The sudo kubeadm reset command allowed me to run the k8sWorker.sh script, but when trying to use the join command, I still got the error messages above.
    I just terminated the EC2 instance and started over from scratch.

  • blaket
    blaket Posts: 10

    @chrispokorni
    After having done that, when I run the join command, it seems to be stuck after outputting:
    [preflight] Running pre-flight checks

    Do you have any suggestions of things I could do to troubleshoot this?

  • blaket
    blaket Posts: 10

    Actually I can see that it timed out now with a message of:
    error execution phase preflight: couldn't validate the identity of the API Server: Get "https://172.31.39.184:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
    To see the stack trace of this error execute with --v=5 or higher

  • chrispokorni

    Hi @blaket,

    Please make sure your VPC and SG are configured according to the demo video from the introductory chapter tailored to your cloud provider - that should fix any timeouts.

    Regards,
    -Chris

  • blaket
    blaket Posts: 10

    Ok, I found that I just had to edit the inbound/outbound rules for the CP machine to allow all https traffic, and then it worked.

  • gjclark
    gjclark Posts: 1

    @blaket said:
    I see, I ran the k8scp.sh script when I should have run the k8sWorker.sh script. Thank you!

    I did this too!

  • quachout
    quachout Posts: 15

    @blaket how did you edit the inbound/outbound rules for the CP machine to allow https traffic? When I go to the CP instance > Security, I don't see any options to edit it. For Inbound rules my Port range is 22, my Protocol is TC, and Source is 0.0.0.0/0. For Outbound rules my Port Range is All, Protocol is All, and Destination is 0.0.0.0/0.

  • chrispokorni
    chrispokorni Posts: 2,164

    Hi @quachout,

    Thank you for sharing key config details of your SG.

    It seems the Inbound rule is blocking all necessary traffic for the cluster.
    Please review the demo video from the introductory chapter on setting up the AWS infrastructure to learn how to correctly configure the Inbound SG rule.

    Regards,
    -Chris

  • quachout
    quachout Posts: 15

    @chrispokorni Hi Chris, thanks for getting back to me so fast. AHHH that was my fault, took me some time to figure out how to configure it correctly. Thanks!

  • zite
    zite Posts: 11

    Hi, I'm having trouble executing the join command from the worker. I only have the new GUI in AWS and I might not have configured the SG with the correct rule.
    Can someone help with the new AWS GUI?

  • chrispokorni
    chrispokorni Posts: 2,164

    Hi @zite,

    You should start by completing the previous panels - Name, AMI, Type, Key pair.

    Then in the "Network settings" panel click on "Edit" to allow you to select the desired VPC, enable the Auto-assign public IP, select "Create security group", fill in the name and description, Type - All traffic, Protocol - All, Port range - All, Source - Anywhere, fill in Description, click on "Add security group rule".

    Then continue with the following panels as necessary.

    Regards,
    -Chris
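
The two join failures reported in this thread (leftover kubeadm state on the worker, and a blocked path to the API server on port 6443) can be told apart from the kubeadm output alone. The triage script below is an added example, not part of any post or of the course scripts; its function names are hypothetical and the sample messages are copied from the posts above.

```shell
#!/bin/sh
# Added example: triage of `kubeadm join` preflight failures seen in this thread.
# Function names are hypothetical; sample messages are copied from the posts.

STALE_SAMPLE='[ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
[ERROR Port-10250]: Port 10250 is in use'
TIMEOUT_SAMPLE="error execution phase preflight: couldn't validate the identity of the API Server: Get \"https://172.31.39.184:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s\": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"

# Print the host:port of the API server named in a kubeadm error message.
api_endpoint() {
    printf '%s\n' "$1" | sed -n 's|.*https://\([^/"]*\)/.*|\1|p' | head -n 1
}

# Classify join output as stale-state, network-timeout or unknown.
classify_join_error() {
    case "$1" in
        *"already exists"*|*"Port 10250 is in use"*) echo stale-state ;;
        *"Client.Timeout exceeded"*) echo network-timeout ;;
        *) echo unknown ;;
    esac
}

# TCP connect test with a 5 s limit. Host and port are passed as arguments,
# never spliced into the command string, because they come from log text.
probe() {
    timeout 5 bash -c ': </dev/tcp/"$1"/"$2"' _ "${1%:*}" "${1##*:}" 2>/dev/null
}

# Print the next step for a given join output.
advise() {
    case "$(classify_join_error "$1")" in
        stale-state)
            echo "Leftover state from an earlier kubeadm run: run 'sudo kubeadm reset' on the worker, then k8sWorker.sh." ;;
        network-timeout)
            ep=$(api_endpoint "$1")
            if probe "$ep"; then
                echo "$ep accepts connections now: rerun the join command."
            else
                echo "$ep is unreachable: check the inbound rules of the CP security group."
            fi ;;
        *)
            echo "Unrecognized failure: rerun the join with --v=5 for a stack trace." ;;
    esac
}
```

Run on the worker, `advise` takes the captured output of the failed join as its single argument; `probe` needs `bash` and `timeout` to be installed.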
