Welcome to the Linux Foundation Forum!

Lab 2.2 - Step 8, Unable to join the cluster

I have already followed the instructions to create a two-node cluster with Ubuntu 20.04 in AWS. However, I am unable to join the cluster, with the errors below.

From Worker node,

ubuntu@ip-172-31-47-246:~$ sudo kubeadm join 172.31.43.225:6443 --token may6le.sbajmo56ah4gl3kr --discovery-token-ca-cert-hash sha256:9ac274fb3303b8501b65ee699dcd59d50a4dd39409271b4b0cea8ec0bf7395d0
[preflight] Running pre-flight checks
error execution phase preflight: couldn't validate the identity of the API Server: Get "https://172.31.43.225:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
To see the stack trace of this error execute with --v=5 or higher

Master: 172-31-43-225
Worker: 172-31-47-246

Nodes detail:

Below is my Security Group setup of instances:

Would you please advise on the solution? Thanks.

Comments

  • chrispokorni
    Posts: 2,153

    Hi @samuellai05,

    From the timeout error and the SG settings it seems you are blocking critical ingress ports and protocols that Kubernetes needs, and eventually plugins would need as well. Opening only SSH and HTTP/HTTPS ingress is not sufficient for a Kubernetes installation.

    Please review the AWS configuration video guide for key information on correctly setting up ingress SG for your AWS EC2 instances.

    Regards,
    -Chris

  • Hi, I have a similar issue but a different error message:

    student@cp-1:~$ sudo kubeadm join --token 118c3e.83b49999dc5dc034 \
    34.85.163.249:6443 --discovery-token-ca-cert-hash \
    sha256:40aa946e3f53e38271bae24723866f56c86d77efb49aedeb8a70cc189bfe2e1d
    [preflight] Running pre-flight checks
    error execution phase preflight: [preflight] Some fatal errors occurred:
    [ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
    [ERROR Port-10250]: Port 10250 is in use
    [ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
    [preflight] If you know what you are doing, you can make a check non-fatal with --ignore-preflight-errors=...
    To see the stack trace of this error execute with --v=5 or higher

    I would really appreciate it if anyone can help. Thanks.

  • chrispokorni
    Posts: 2,153
    edited August 2022

    Hi @jtang1u0,

    The errors seem to indicate that the kubeadm command has already been executed on the same node.

    Your command prompt seems to indicate that you are trying to run the kubeadm join command on the control plane (cp) node. That command should be executed on the worker node instead. Please follow the lab guide and pay close attention to each step. The node where kubeadm init was already executed will display errors if a kubeadm join is attempted.

    In addition, from your prompt it seems you are re-using the token from the lab guide, which is provided for illustration purposes only. The token and hash values required to join your cluster should be retrieved from your control plane node cp.out file (or the output of the kubeadm init command if your terminal allows you to scroll up that far).

    EDIT: The error also indicates you are possibly using a public IP to register your control plane. It is safer to use a private IP instead.

    Regards,
    -Chris

  • Hello, thanks to Samuella and Chris P. I too had that issue and overlooked the setting from SSH to all ports as the inbound rule. Awesome post and awesomely answered, thanks much, now I can move along lol
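
The two failure patterns diagnosed in the answers above, together with the remark about a public control plane address, as a small triage script. This is an added example, not part of the original thread or the lab material; the function names and finding labels are hypothetical, and the sample transcripts are constructed from the errors quoted in the thread with token and hash replaced by placeholders.

```shell
#!/bin/sh
# Added example: triage of `kubeadm join` preflight failures, per the thread.
# Function names and finding labels are hypothetical, not kubeadm output.

# Succeeds when $1 is an RFC 1918 private IPv4 address.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads a join transcript on stdin; prints one finding per line.
diagnose_join() {
    log=$(cat)
    # The join target is the first IPv4:port in the transcript.
    endpoint=$(printf '%s\n' "$log" | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]+' | head -n 1)
    host=${endpoint%%:*}
    # Blocked ingress (e.g. a security group) surfaces as a client-side timeout.
    if printf '%s\n' "$log" | grep -q 'Client\.Timeout exceeded'; then
        echo "API_UNREACHABLE: no answer from $endpoint, check control plane ingress rules"
    fi
    # Leftover kubelet.conf / ca.crt / bound 10250: init or join already ran here.
    if printf '%s\n' "$log" | grep -Eq '(kubelet\.conf|pki/ca\.crt) already exists|Port 10250 is in use'; then
        echo "NODE_ALREADY_BOOTSTRAPPED: kubeadm init or join already ran on this node"
    fi
    if [ -n "$host" ] && ! is_private_ipv4 "$host"; then
        echo "PUBLIC_ENDPOINT: $host is not a private address"
    fi
}

# Constructed samples, abridged from the thread; token and hash are placeholders.
sample_timeout() { cat <<'EOF'
$ sudo kubeadm join 172.31.43.225:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>
[preflight] Running pre-flight checks
error execution phase preflight: couldn't validate the identity of the API Server: Get "https://172.31.43.225:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
EOF
}
sample_rerun() { cat <<'EOF'
$ sudo kubeadm join --token <token> 34.85.163.249:6443 --discovery-token-ca-cert-hash sha256:<hash>
[preflight] Running pre-flight checks
[ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
[ERROR Port-10250]: Port 10250 is in use
[ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
EOF
}

sample_timeout | diagnose_join
sample_rerun | diagnose_join
```

On a real node, pipe the saved output of the failed join into `diagnose_join` instead of the samples.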
