Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Kubernetes kubeadm join couldn't validate the identity of the API server connection refused

While configuring new worker node in Kubernetes cluster using kubeadm tool I was receiving below error. Basically I was trying to join worker node in the Kubernetes cluster control-plane using kubeadm join command, but it was failing because of multiple reasons.

Kuberenetes error kubeadm join error preflight error execution phase preflight couldn't validate the indentity of the api server connect connection refused init 6443 dial tcp.jpg

Complete articles series on installation and configuration of Kubernetes cluster:
Configure Nginx Load Balancer for the Kubernetes API Server - Part 1
Install and configure Kubernetes cluster master nodes using kubeadm - Part 2
Install and configure Kubernetes cluster worker nodes using kubeadm - Part 3

root@k8sworker01:~#
root@k8sworker01:~# kubeadm join 192.168.34.60:6443 --token tpxbcw.sk0f43qcxzm5ky61 --discovery-token-ca-cert-hash sha256:031b7d3401ab07e651f93403b5364db16ea323cebf34a7772a473009ac5b1de3
[preflight] Running pre-flight checks
error execution phase preflight: couldn't validate the identity of the API Server: Get "https://192.168.34.60:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s": dial tcp 192.168.34.60:6443: connect: connection refused
To see the stack trace of this error execute with --v=5 or higher
root@k8sworker01:~#

To troubleshoot this issue I checked basic ICMP ping test to the k8s master node from worker node, connection was good and there were no drops. Next step is to test Master Node Kubernetes APIserver port using telnet command. This time I was receiving error trying 192.168.34.60... telnet: Unable to connect to remote host: connection refused error means port 6443 is not open on the master node.

Kubernetes worker node ping telnet 6443 port failed unable to connect to remote host connection refused master node kubeadm join init control-plane.jpg

This can happen due to multiple reasons, First Check whether 6443 TCP port is enabled into firewall on Master node, Also verify if same port is accessible from telnet from same server. If you are not able to telnet from same master node it means kubeadm is not setup and configured properly, you can check the status of  Master node using command kubectl get cs.

In my case there was some other duplicate VM existed in my lab environment, which had same IP address assigned 192.168.34.60. I shutdown that Rogue VM which had duplicate ip as same as Kubernetes Master node. And after testing ping and telnet results were good to Master node. I reran the command kubeadm join to add worker node to control-plane and it was successful.

kubeadm join toker discovery preflisht control-plane kubelet star kubeadm kubernetes cluster k-proxy kube-proxy container kubectl get nodes master worker.jpg

root@k8sworker01:~#
root@k8sworker01:~# kubeadm join 192.168.34.60:6443 --token tpxbcw.sk0f43qcxzm5ky61 --discovery-token-ca-cert-hash sha256:031b7d3401ab07e651f93403b5364db16ea323cebf34a7772a473009ac5b1de3
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

root@k8sworker01:~#

Useful Articles
How to install kubernetes master control-plane on ubuntu Part 1
How to install kubernetes worker node on ubuntu Part 2
ansible create an array with set_fact
Ansible get information from esxi advanced settings nested dictionary with unique keynames
Install Ansible AWX Tower on Ubuntu Linux
Ansible AWX installation error Cannot have both the docker-py and docker python modules
Ansible AWX installation error docker-compose run --rm --service-ports task awx-manage migrate --no-input

Go Back

Comment

Blog Search

Page Views

8559330

Follow me on Blogarama