kops: stretch image does not join the cluster

1. What kops version are you running? The command kops version, will display this information.

Version 1.11.0 (git-2c2042465)

2. What Kubernetes version are you running? kubectl version will print the version if a cluster is running or provide the Kubernetes version specified as a kops flag.

kubectl version

3. What cloud provider are you using?

AWS

4. What commands did you run? What is the simplest way to reproduce this issue?

I created a new instance group that uses the ami: kope.io/k8s-1.11-debian-stretch-amd64-hvm-ebs-2019-09-26

kops update cluster kops validate cluster

5. What happened after the commands executed?

the instance group has been created, but the node did not join the cluster.

6. What did you expect to happen?

the node to join the cluster.

7. Please provide your cluster manifest. Execute kops get --name my.example.com -o yaml to display your cluster manifest. You may want to remove your cluster name and other sensitive information.

apiVersion: kops/v1alpha2 kind: Cluster metadata: creationTimestamp: 2018-12-24T14:42:00Z name: XXX spec: DisableSubnetTags: true additionalPolicies: master: | [ { “Effect”: “Allow”, “Action”: [“s3:Get*”], “Resource”: [“arn:aws:s3:::XXX/common/authorized_keys/default/“] }, { “Effect”: “Allow”, “Action”: [“sts:AssumeRole”], “Resource”: [””] } ] node: | [ { “Effect”: “Allow”, “Action”: [“s3:Get*”], “Resource”: [“arn:aws:s3:::XXX/common/authorized_keys/default/*”] } ] api: loadBalancer: type: Internal authorization: rbac: {} channel: stable cloudProvider: aws configBase: XXX dnsZone: XXX etcdClusters:

• enableEtcdTLS: true etcdMembers:
  • instanceGroup: master-us-east-1a name: a
  • instanceGroup: master-us-east-1b name: b
  • instanceGroup: master-us-east-1c name: c name: main version: 3.3.10
• enableEtcdTLS: true etcdMembers:
  • instanceGroup: master-us-east-1a name: a
  • instanceGroup: master-us-east-1b name: b
  • instanceGroup: master-us-east-1c name: c name: events version: 3.3.10 fileAssets: XXX hooks: XXX iam: allowContainerRegistry: true legacy: false kubeAPIServer: auditLogMaxAge: 10 auditLogMaxBackups: 1 auditLogMaxSize: 100 auditLogPath: /var/log/kube-apiserver-audit.log auditPolicyFile: /srv/kubernetes/audit.yaml oidcClientID: XXX oidcGroupsClaim: groups oidcGroupsPrefix: ‘okta:’ oidcIssuerURL: XXX oidcUsernameClaim: preferred_username oidcUsernamePrefix: ‘okta:’ runtimeConfig: admissionregistration.k8s.io/v1alpha1: “true” kubeControllerManager: horizontalPodAutoscalerDownscaleDelay: 5m0s horizontalPodAutoscalerSyncPeriod: 15s horizontalPodAutoscalerUpscaleDelay: 3m0s kubeDNS: provider: CoreDNS kubelet: anonymousAuth: false authenticationTokenWebhook: true authorizationMode: Webhook cloudProvider: aws imageGCHighThresholdPercent: 80 imageGCLowThresholdPercent: 65 kubeReserved: cpu: 500m ephemeral-storage: 1Gi memory: 2Gi kubeReservedCgroup: /kube-reserved.slice systemReserved: cpu: 300m ephemeral-storage: 1Gi memory: 1Gi systemReservedCgroup: /system.slice kubernetesApiAccess:
• 0.0.0.0/0 kubernetesVersion: 1.11.10 masterInternalName: XXX masterPublicName: XXX networkCIDR: XXX networkID: XXX networking: amazonvpc: {} nonMasqueradeCIDR: XXX sshAccess:
• 0.0.0.0/0 sshKeyName: XXX subnets: XXX

topology: dns: type: Public masters: private nodes: private

8. Please run the commands with most verbose logging by adding the -v 10 flag. Paste the logs into this report, or in a gist and provide the gist link here.

when running kops validate cluster, The following error appears:

machine X has not yet joined cluster

9. Anything else do we need to know?

if I’m using debian jessie image it works

vim daemon.log on the machine shows: nodeup[2890] W0120 2890 executor.go:130] error running task “Package/nfs-common” (2m36s remaining to succeed): error installing package “nfs-common”: exit status 100: Reading package lists…

nodeup[2890] W0120 2890 executor.go:130] error running task “Package/etables” (2m36s remaining to succeed): error installing package “etables”: exit status 100: Reading package lists…

Thanks!