Kubernetes: unable to join a remote master node
Asked Answered
A

2

10

Hello I am facing a kubeadm join problem on a remote server.

I want to create a multi-server, multi-node Kubernetes Cluster. I created a vagrantfile to create a master node and N workers. It works on a single server.

The master VM is a bridge Vm, to make it accessible to the other available Vms on the network.

I choose Calico as a network provider.

For the Master node this's what I've done: Using ansible :

  1. Initialize Kubeadm.

  2. Installing a network provider.

  3. Create the join command.

For Worker node:

  1. I execute the join command to join the running master.

I created successfully the cluster on one single hardware server. I am trying to create regular worker nodes on another server on the same LAN, I ping to the master successfully.

To join the Master node using the generated command.

kubeadm join 192.168.2.50:6443 --token ecqb8f.jffj0hzau45b4ro2   
--ignore-preflight-errors all  
--discovery-token-ca-cert-hash 
sha256:94a0144fe419cfb0cb70b868cd43pbd7a7bf45432b3e586713b995b111bf134b

But it showed this error:

error execution phase preflight: couldn't validate the identity of the API Server: 
could not find a JWS signature in the cluster-info ConfigMap for token ID "ecqb8f"

I am asking if there is any specific network configuration to join the remote master node.

Attain answered 21/4, 2020 at 20:2 Comment(5)
can you please run kubeadm token list and check ecqb8f.jffj0hzau45b4ro2 exists on the list?Timekeeper
On the master node the kubeadm token list is empty. On the worker node ''no such file '' /home/.kube/config'''' . I am supposed to create the tokens manually ?Attain
yes. run kubeadm token create on master and use it in join command. or run kubeadm token create --print-join-command and use the command.Timekeeper
thank you so mush, it's workingAttain
ok. I am posting that as answer :)Timekeeper
T
26

It seems token is expired or removed. You can create token manually by running:

kubeadm token create --print-join-command

Use the output as join command.

Timekeeper answered 21/4, 2020 at 20:52 Comment(0)
C
6

If you see the output as: " error execution phase preflight: couldn't validate the identity of the API Server: could not find a JWS signature in the cluster-info ConfigMap for token ID "s1isfw" To see the stack trace of this error execute with --v=5 or higher " on a node while joining k8s cluster.

Reason: This issue arises when the token is expired. TTL for token is 23 hours by default, since the time they've been generated, either when kubeadm init is done or generated separately.

In such a case, you can first check if the token you're using for joining the worker to master can be retrieved by command on master :

kubeadm token list

Steps:

Case 1). if you see NO OUTPUT of the above command, then the best deal is to generate token again from master:

  1. on master execute: kubeadm token create --print-join-command

  2. copy everything and structure if necessary and execute this as a command on worker node.

  3. Check the nodes from master. This worker should now have joined the cluster.

Case 2). if you see an output with

TOKEN, TTL, EXPIRES, USAGES, DESCRIPTION, EXTRA GROUPS.

  1. Check the host entries and pinging among the nodes (master and workers). (firewall could also cause this.) use this token again on the workers.

OR go with case 1.

Just wanted to add 1 more thing :
DO NOT USE --ignore-preflight-errors all

as nodes(master to work) commands would show errors later. In my env, I do not use this.

Cystine answered 12/6, 2020 at 20:54 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.