K
Q

can not join new node to k8s cluster

11/26/2018

i want to join my new server to k8s cluster ,but failed,i do not know why?

# kubeadm join 10.100.1.20:6443 --token xxxxxx --discovery-token-ca-cert-hash sha256:xxxxxx
[preflight] running pre-flight checks
    [WARNING RequiredIPVSKernelModulesAvailable]: the IPVS proxier will not be used, because the following required kernel modules are not loaded: [ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh] or no builtin kernel ipvs support: map[ip_vs_sh:{} nf_conntrack_ipv4:{} ip_vs:{} ip_vs_rr:{} ip_vs_wrr:{}]
you can solve this problem with following methods:
 1. Run 'modprobe -- ' to load missing kernel modules;
2. Provide the missing builtin kernel ipvs support

I1126 10:30:33.608681    7238 kernel_validator.go:81] Validating kernel version
I1126 10:30:33.608737    7238 kernel_validator.go:96] Validating kernel config
    [WARNING Hostname]: hostname "t-k8s-b1" could not be reached
    [WARNING Hostname]: hostname "t-k8s-b1" lookup t-k8s-b1 on 103.224.222.222:53: no such host
[discovery] Trying to connect to API Server "10.100.1.20:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.100.1.20:6443"
[discovery] Requesting info from "https://10.100.1.20:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "10.100.1.20:6443"
[discovery] Successfully established connection with API Server "10.100.1.20:6443"
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.11" ConfigMap in the kube-system namespace
Unauthorized

can not find new node

# kubectl get nodes
NAME       STATUS    ROLES     AGE       VERSION
t-k8s-a1   Ready     master    6d        v1.11.3
t-k8s-b2   Ready     <none>    6d        v1.11.3

in /var/log/messages

Nov 26 10:40:39 t-k8s-b1 systemd: Configuration file /etc/systemd/system/kubelet.service is marked executable. Please remove executable permission bits. Proceeding anyway.

i change /etc/systemd/system/kubelet.service from 0755 to 0644 ,the message warning disppeared and modprobe the module ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh,still Unauthorized

[preflight] running pre-flight checks
I1126 10:48:03.529871    8416 kernel_validator.go:81] Validating kernel version
I1126 10:48:03.529927    8416 kernel_validator.go:96] Validating kernel config
    [WARNING Hostname]: hostname "t-k8s-b1" could not be reached
    [WARNING Hostname]: hostname "t-k8s-b1" lookup t-k8s-b1 on 103.224.222.222:53: no such host
[discovery] Trying to connect to API Server "10.100.1.20:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.100.1.20:6443"
[discovery] Requesting info from "https://10.100.1.20:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "10.100.1.20:6443"
[discovery] Successfully established connection with API Server "10.100.1.20:6443"
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.11" ConfigMap in the kube-system namespace
Unauthorized

Solution

the reason is token expired, i recreate a new token ,and join with it ,all fine

# kubeadm  token create
new token

# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
ca cert hash

# kubeadm join 10.100.1.20:6443 --token new_token --discovery-token-ca-cert-hash sha256:ca_cert_hash
-- user1208081
kubernetes

Similar Questions

Will the master know the data on workers/nodes in k8s
Kubernetes https service exposure
Configuration of Nexus Helm Chart: HTTPS Serving HTTP Resources
How can gke create a reserved public or private gcp address for use in a LoadBalancer Service?
custom metric collection in katib(AutoML) on kubeflow
Issue in deploying a pod on master node parsing issue

0 Answers