Error while creating High Availability Kubernetes cluster with Kubeadm


I am creating a Kubernetes cluster inside a VM (the image that I used inside the VM is CentOS 7 CIS Hardened) with kubeadm.

I am following the official documentation for creating a High Availability cluster with kubeadm.

Steps that I have done so far:

Installed Docker and Enabled Docker

yum update
yum install docker
sudo systemctl start docker
sudo systemctl status docker
systemctl enable docker.service

Change these values to 1 instead of 0

nano /proc/sys/net/bridge/bridge-nf-call-iptables
nano /proc/sys/net/bridge/bridge-nf-call-ip6tables

echo 1 > /proc/sys/net/ipv4/ip_forward

Check the SELinux Status


Disable SELinux

setenforce 0

To permanently disable SELinux on your CentOS 7 system, follow the steps below:

nano /etc/selinux/config

Set the SELINUX mode to disabled:

Disable Swap:

swapoff -a
sed -e '/swap/ s/^#*/#/' -i /etc/fstab
mount -a

Install Kubelet, Kubeadm, Kubectl at once

cat <<EOF > /etc/yum.repos.d/kubernetes.repo

Installing kubelet, kubeadm, kubectl in one command

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet && systemctl start kubelet
systemctl daemon-reload

After doing this I created a file called kubeadm-config.yaml

kind: ClusterConfiguration
kubernetesVersion: stable
controlPlaneEndpoint: "LoadBalancerIP"

kubeadm init --config=kubeadm-config.yaml --upload-certs

[init] Using Kubernetes version: v1.15.0
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [vm3 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [ 52.174.21.65]
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [vm3 localhost] and IPs [ ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [vm3 localhost] and IPs [ ::1]
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.

Unfortunately, an error has occurred:
        timed out waiting for the condition

This error is likely caused by:
        - The kubelet is not running
        - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
        - 'systemctl status kubelet'
        - 'journalctl -xeu kubelet'


systemctl status kubelet
kubelet.service - kubelet: The Kubernetes Node Agent
   Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/kubelet.service.d
   Active: active (running) since Mon 2019-06-24 07:23:57 UTC; 1h 44min ago
 Main PID: 29985 (kubelet)
   CGroup: /system.slice/kubelet.service
           └─29985 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --cg...

Jun 24 09:08:21 vm3 kubelet[29985]: E0624 09:08:21.671662   29985 kubelet.go:2248] node "vm3" not found
[root@vm3 vm2]# systemctl status docker
docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-06-24 07:12:39 UTC; 1h 56min ago
 Main PID: 28682 (dockerd-current)
   CGroup: /system.slice/docker.service
           ├─28682 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --u...
           ├─28688 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/dock...
           ├─30073 /usr/bin/docker-containerd-shim-current 6873dad40999d42255b3ffb78f1212409b8ae01450853e33b928f67a3b5f9116 /var/run/docker/libcontainerd/6873dad40999d42255b3ffb78f12...
           ├─30109 /usr/bin/docker-containerd-shim-current eb3945f99d1a5b7aa1c07086a2fed12a60afa7ffec3a89127fe51615f11a9621 /var/run/docker/libcontainerd/eb3945f99d1a5b7aa1c07086a2fe...
           ├─30170 /usr/bin/docker-containerd-shim-current 930354300ef22146adf972f098562336ec2dcf274808cc18d8db6d22ec425673 /var/run/docker/libcontainerd/930354300ef22146adf972f09856...
           ├─30237 /usr/bin/docker-containerd-shim-current dfdb99a011f6762d86986c211663b162c43dd1c20f99f63fd855d87242f2f617 /var/run/docker/libcontainerd/dfdb99a011f6762d86986c211663...
           └─30366 /usr/bin/docker-containerd-shim-current 7f13a2b265d9733d8db34aa7acfe7f320c3ef2b5d523146b2ffeefa6b3bf666c /var/run/docker/libcontainerd/7f13a2b265d9733d8db34aa7acfe...

Jun 24 09:09:26 vm3 dockerd-current[28682]: E0624 09:09:26.396927       1 reflector.go:125] Failed to list *v1.Service: Get htt... i/o timeout
Jun 24 09:09:26 vm3 dockerd-current[28682]: I0624 09:09:26.398140       1 trace.go:81] Trace[922903595]: "Reflector ListAndWatch...000377891s):
Jun 24 09:09:26 vm3 dockerd-current[28682]: Trace[922903595]: [30.000377891s] [30.000377891s] END
Jun 24 09:09:26 vm3 dockerd-current[28682]: E0624 09:09:26.398164       1 reflector.go:125] Failed to list *v1.PersistentVolume... i/o timeout
Jun 24 09:09:26 vm3 dockerd-current[28682]: I0624 09:09:26.399536       1 trace.go:81] Trace[1309975098]: "Reflector ListAndWatc...000249191s):
Jun 24 09:09:26 vm3 dockerd-current[28682]: Trace[1309975098]: [30.000249191s] [30.000249191s] END
Jun 24 09:09:26 vm3 dockerd-current[28682]: E0624 09:09:26.399556       1 reflector.go:125] Failed to list *v1.ReplicationContr... i/o timeout
Jun 24 09:09:26 vm3 dockerd-current[28682]: I0624 09:09:26.400806       1 trace.go:81] Trace[1990792995]: "Reflector ListAndWatc...000302791s):
Jun 24 09:09:26 vm3 dockerd-current[28682]: Trace[1990792995]: [30.000302791s] [30.000302791s] END
Jun 24 09:09:26 vm3 dockerd-current[28682]: E0624 09:09:26.400824       1 reflector.go:125] Failed to list *v1.StorageClass: Ge... i/o timeout
Hint: Some lines were ellipsized, use -l to show in full.


journalctl -xeu kubelet
I needed to create an HA Kubernetes cluster inside a CentOS image, but I am stuck at this point.

-- Tahir Javed

You should use --node-name with kubeadm init:

$ sudo kubeadm init --node-name master1

The flag passes the appropriate --hostname-override value to the kubelet:

As you are using a config file, add a name field in the nodeRegistration paragraph of InitConfiguration:

kind: InitConfiguration
nodeRegistration:
  name: "master1"

You can refer to the following documentation:

-- Stéphane Beuret
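
The answer's nodeRegistration setting combined with the question's ClusterConfiguration in a single kubeadm-config.yaml, as an added example that is not part of the original posts. The apiVersion lines are an assumption (kubeadm.k8s.io/v1beta2 is the config API that kubeadm v1.15 accepts); "master1" and "LoadBalancerIP" are the placeholder values used on this page.

```yaml
# kubeadm-config.yaml: two YAML documents in one file, separated by '---'.
# apiVersion is assumed here; it does not appear in the snippets above.
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
nodeRegistration:
  # Config-file equivalent of `kubeadm init --node-name master1`.
  name: "master1"
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: stable
# Placeholder from the question; replace with the load balancer address
# that fronts the control-plane API servers.
controlPlaneEndpoint: "LoadBalancerIP"
```

The file is passed to the same command the question already uses: kubeadm init --config=kubeadm-config.yaml --upload-certs.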
