kubeadm: kubeadm init blocks at "This might take a minute or longer if the control plane images have to be pulled"
Versions
kubeadm version (use `kubeadm version`): v1.9.2
Environment:
- Kubernetes version (use `kubectl version`): v1.9.2
- Cloud provider or hardware configuration: VirtualBox
- OS (e.g. from /etc/os-release): Ubuntu 16.04.0 LTS (Xenial Xerus) amd64
- Kernel (e.g. `uname -a`): Linux 4.4.0-62-generic
- Others: kubeadm v1.9.2 amd64, kubelet v1.9.2 amd64, kubernetes-cni 0.6.0-00 amd64, docker 17.03.2-ce
What happened?
When I run `kubeadm init`, it hangs:

xx@xx:~$ sudo kubeadm init --kubernetes-version=v1.9.2
[init] Using Kubernetes version: v1.9.2
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks.
[WARNING FileExisting-crictl]: crictl not found in system path
[preflight] Starting the kubelet service
[certificates] Generated ca certificate and key.
[certificates] Generated apiserver certificate and key.
[certificates] apiserver serving cert is signed for DNS names [kickseed kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 172.17.41.15]
[certificates] Generated apiserver-kubelet-client certificate and key.
[certificates] Generated sa key and public key.
[certificates] Generated front-proxy-ca certificate and key.
[certificates] Generated front-proxy-client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "scheduler.conf"
[controlplane] Wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] Wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] Wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"
[init] Waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests".
[init] This might take a minute or longer if the control plane images have to be pulled.
Then I check the kubelet log:

xx@xx:~$ sudo journalctl -xeu kubelet
Jan 31 14:45:03 kickseed kubelet[28516]: E0131 14:45:03.280984 28516 remote_runtime.go:92] RunPodSandbox from runtime service failed: rpc error: code = Unknown desc = failed pulling image "gcr.io/google_containers/pause-amd64:3.0": Error response from daemon: Get https://gcr.io/v1/_ping: dial tcp 172.217.6.127:443: i/o timeout
Jan 31 14:45:03 kickseed kubelet[28516]: E0131 14:45:03.281317 28516 kuberuntime_sandbox.go:54] CreatePodSandbox for pod "kube-scheduler-kickseed_kube-system(69c12074e336b0dbbd0a1666ce05226a)" failed: rpc error: code = Unknown desc = failed pulling image "gcr.io/google_containers/pause-amd64:3.0": Error response from daemon: Get https://gcr.io/v1/_ping: dial tcp 172.217.6.127:443: i/o timeout
Jan 31 14:45:03 kickseed kubelet[28516]: E0131 14:45:03.281580 28516 kuberuntime_manager.go:647] createPodSandbox for pod "kube-scheduler-kickseed_kube-system(69c12074e336b0dbbd0a1666ce05226a)" failed: rpc error: code = Unknown desc = failed pulling image "gcr.io/google_containers/pause-amd64:3.0": Error response from daemon: Get https://gcr.io/v1/_ping: dial tcp 172.217.6.127:443: i/o timeout
Jan 31 14:45:03 kickseed kubelet[28516]: E0131 14:45:03.281875 28516 pod_workers.go:186] Error syncing pod 69c12074e336b0dbbd0a1666ce05226a ("kube-scheduler-kickseed_kube-system(69c12074e336b0dbbd0a1666ce05226a)"), skipping: failed to "CreatePodSandbox" for "kube-scheduler-kickseed_kube-system(69c12074e336b0dbbd0a1666ce05226a)" with CreatePodSandboxError: "CreatePodSandbox for pod \"kube-scheduler-kickseed_kube-system(69c12074e336b0dbbd0a1666ce05226a)\" failed: rpc error: code = Unknown desc = failed pulling image \"gcr.io/google_containers/pause-amd64:3.0\": Error response from daemon: Get https://gcr.io/v1/_ping: dial tcp 172.217.6.127:443: i/o timeout"
Jan 31 14:45:03 kickseed kubelet[28516]: E0131 14:45:03.380290 28516 event.go:209] Unable to write event: 'Patch https://172.17.41.15:6443/api/v1/namespaces/default/events/kickseed.150ecf46afb098b7: dial tcp 172.17.41.15:6443: getsockopt: connection refused' (may retry after sleeping)
Jan 31 14:45:03 kickseed kubelet[28516]: E0131 14:45:03.933783 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://172.17.41.15:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dkickseed&limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:45:03 kickseed kubelet[28516]: E0131 14:45:03.934707 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:474: Failed to list *v1.Node: Get https://172.17.41.15:6443/api/v1/nodes?fieldSelector=metadata.name%3Dkickseed&limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:45:03 kickseed kubelet[28516]: E0131 14:45:03.935921 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:465: Failed to list *v1.Service: Get https://172.17.41.15:6443/api/v1/services?limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:45:04 kickseed kubelet[28516]: E0131 14:45:04.281024 28516 remote_runtime.go:92] RunPodSandbox from runtime service failed: rpc error: code = Unknown desc = failed pulling image "gcr.io/google_containers/pause-amd64:3.0": Error response from daemon: Get https://gcr.io/v1/_ping: dial tcp 172.217.6.127:443: i/o timeout
Jan 31 14:45:04 kickseed kubelet[28516]: E0131 14:45:04.281352 28516 kuberuntime_sandbox.go:54] CreatePodSandbox for pod "kube-controller-manager-kickseed_kube-system(6546d6faf0b50c9fc6712ce25ee9b6cb)" failed: rpc error: code = Unknown desc = failed pulling image "gcr.io/google_containers/pause-amd64:3.0": Error response from daemon: Get https://gcr.io/v1/_ping: dial tcp 172.217.6.127:443: i/o timeout
Jan 31 14:45:04 kickseed kubelet[28516]: E0131 14:45:04.281634 28516 kuberuntime_manager.go:647] createPodSandbox for pod "kube-controller-manager-kickseed_kube-system(6546d6faf0b50c9fc6712ce25ee9b6cb)" failed: rpc error: code = Unknown desc = failed pulling image "gcr.io/google_containers/pause-amd64:3.0": Error response from daemon: Get https://gcr.io/v1/_ping: dial tcp 172.217.6.127:443: i/o timeout
Jan 31 14:45:04 kickseed kubelet[28516]: E0131 14:45:04.281938 28516 pod_workers.go:186] Error syncing pod 6546d6faf0b50c9fc6712ce25ee9b6cb ("kube-controller-manager-kickseed_kube-system(6546d6faf0b50c9fc6712ce25ee9b6cb)"), skipping: failed to "CreatePodSandbox" for "kube-controller-manager-kickseed_kube-system(6546d6faf0b50c9fc6712ce25ee9b6cb)" with CreatePodSandboxError: "CreatePodSandbox for pod \"kube-controller-manager-kickseed_kube-system(6546d6faf0b50c9fc6712ce25ee9b6cb)\" failed: rpc error: code = Unknown desc = failed pulling image \"gcr.io/google_containers/pause-amd64:3.0\": Error response from daemon: Get https://gcr.io/v1/_ping: dial tcp 172.217.6.127:443: i/o timeout"
Jan 31 14:45:04 kickseed kubelet[28516]: E0131 14:45:04.934694 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://172.17.41.15:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dkickseed&limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:45:04 kickseed kubelet[28516]: E0131 14:45:04.935613 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:474: Failed to list *v1.Node: Get https://172.17.41.15:6443/api/v1/nodes?fieldSelector=metadata.name%3Dkickseed&limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:45:04 kickseed kubelet[28516]: E0131 14:45:04.936669 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:465: Failed to list *v1.Service: Get https://172.17.41.15:6443/api/v1/services?limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:45:05 kickseed kubelet[28516]: W0131 14:45:05.073692 28516 cni.go:171] Unable to update cni config: No networks found in /etc/cni/net.d
Jan 31 14:45:05 kickseed kubelet[28516]: E0131 14:45:05.074106 28516 kubelet.go:2105] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
Jan 31 14:45:05 kickseed kubelet[28516]: E0131 14:45:05.935680 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://172.17.41.15:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dkickseed&limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:45:05 kickseed kubelet[28516]: E0131 14:45:05.937423 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:474: Failed to list *v1.Node: Get https://172.17.41.15:6443/api/v1/nodes?fieldSelector=metadata.name%3Dkickseed&limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:45:05 kickseed kubelet[28516]: E0131 14:45:05.937963 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:465: Failed to list *v1.Service: Get https://172.17.41.15:6443/api/v1/services?limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:45:05 kickseed kubelet[28516]: I0131 14:45:05.974034 28516 kubelet_node_status.go:273] Setting node annotation to enable volume controller attach/detach
Jan 31 14:45:06 kickseed kubelet[28516]: I0131 14:45:06.802447 28516 kubelet_node_status.go:273] Setting node annotation to enable volume controller attach/detach
Jan 31 14:45:06 kickseed kubelet[28516]: I0131 14:45:06.804242 28516 kubelet_node_status.go:82] Attempting to register node kickseed
Jan 31 14:45:06 kickseed kubelet[28516]: E0131 14:45:06.804778 28516 kubelet_node_status.go:106] Unable to register node "kickseed" with API server: Post https://172.17.41.15:6443/api/v1/nodes: dial tcp 172.17.41.15:6443: getsockopt: con
xx@xx:~$ sudo systemctl status kubelet:
kubelet.service - kubelet: The Kubernetes Node Agent
   Loaded: loaded (/lib/systemd/system/kubelet.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/kubelet.service.d
           └─11-kubeadm.conf, 10-kubeadm1.conf, 90-local-extras.conf
   Active: active (running) since Wed 2018-01-31 13:53:46 CST; 49min ago
     Docs: http://kubernetes.io/docs/
 Main PID: 28516 (kubelet)
    Tasks: 13
   Memory: 37.8M
      CPU: 22.767s
   CGroup: /system.slice/kubelet.service
           └─28516 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true --cgroup-driver=cgroupfs --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --cluster-dns=10.96.0.10 --cluster-domain=cluster.local --authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt --cadvisor-port=0 --rotate-certificates=true --cert-dir=/var/lib/kubelet/pki --fail-swap-on=false

Jan 31 14:43:17 kickseed kubelet[28516]: E0131 14:43:17.862590 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:474: Failed to list *v1.Node: Get https://172.17.41.15:6443/api/v1/nodes?fieldSelector=metadata.name%3Dkickseed&limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:43:17 kickseed kubelet[28516]: E0131 14:43:17.863474 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:465: Failed to list *v1.Service: Get https://172.17.41.15:6443/api/v1/services?limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:43:18 kickseed kubelet[28516]: E0131 14:43:18.621818 28516 event.go:209] Unable to write event: 'Patch https://172.17.41.15:6443/api/v1/namespaces/default/events/kickseed.150ecf46afb098b7: dial tcp 172.17.41.15:6443: getsockopt: connection refused' (may retry after sleeping)
Jan 31 14:43:18 kickseed kubelet[28516]: E0131 14:43:18.862440 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://172.17.41.15:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dkickseed&limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:43:18 kickseed kubelet[28516]: E0131 14:43:18.863379 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:474: Failed to list *v1.Node: Get https://172.17.41.15:6443/api/v1/nodes?fieldSelector=metadata.name%3Dkickseed&limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:43:18 kickseed kubelet[28516]: E0131 14:43:18.864424 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:465: Failed to list *v1.Service: Get https://172.17.41.15:6443/api/v1/services?limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:43:19 kickseed kubelet[28516]: E0131 14:43:19.255460 28516 eviction_manager.go:238] eviction manager: unexpected err: failed to get node info: node "kickseed" not found
Jan 31 14:43:19 kickseed kubelet[28516]: E0131 14:43:19.863266 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://172.17.41.15:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dkickseed&limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:43:19 kickseed kubelet[28516]: E0131 14:43:19.864238 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:474: Failed to list *v1.Node: Get https://172.17.41.15:6443/api/v1/nodes?fieldSelector=metadata.name%3Dkickseed&limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Jan 31 14:43:19 kickseed kubelet[28516]: E0131 14:43:19.865262 28516 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:465: Failed to list *v1.Service: Get https://172.17.41.15:6443/api/v1/services?limit=500&resourceVersion=0: dial tcp 172.17.41.15:6443: getsockopt: connection refused
Some of the docker images present are listed as follows:
gcr.io/google_containers/kube-apiserver-amd64:v1.9.2
gcr.io/google_containers/kube-controller-manager-amd64:v1.9.2
gcr.io/google_containers/kube-scheduler-amd64:v1.9.2
gcr.io/google_containers/kube-proxy-amd64:v1.9.2
gcr.io/google_containers/etcd-amd64:3.2.14
gcr.io/google_containers/pause-amd64:3.1
gcr.io/google_containers/kube-dnsmasq-amd64:1.4.1
gcr.io/google_containers/kubernetes-dashboard-amd64:v1.8.2
gcr.io/google_containers/kubedns-amd64:1.9
gcr.io/google_containers/kube-discovery-amd64:1.0
gcr.io/google_containers/exechealthz-amd64:v1.2.0
gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.8
gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.8
gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.8
gcr.io/google_containers/dnsmasq-metrics-amd64:1.0.1
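The timeouts above are the kubelet failing to reach gcr.io: it wants pause-amd64:3.0, which is not in the local image list (only 3.1 is), so it has to pull over the network. A minimal check from the node, assuming curl and docker are available:

```bash
# Can this node reach gcr.io at all? (same endpoint the kubelet's pull is timing out on)
curl -m 10 -sS https://gcr.io/v1/_ping && echo "gcr.io reachable" || echo "gcr.io NOT reachable"
# Pre-pulling the exact image the kubelet wants would unblock pod sandbox creation.
docker pull gcr.io/google_containers/pause-amd64:3.0
```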
What you expected to happen?
kubeadm init should complete
How to reproduce it (as minimally and precisely as possible)?
VirtualBox with Ubuntu 16.04 and kubeadm v1.9.2.
Anything else we need to know?
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Reactions: 12
- Comments: 68 (2 by maintainers)
As a workaround:
1/ Create a docker registry on your kubernetes master.
2/ Declare your kubernetes master as gcr.io in /etc/hosts.
3/ On a machine with internet access, log on to Google Cloud and download the image, for example:
gcloud docker -- pull gcr.io/google_containers/pause-amd64:3.0
gcloud docker -- save -o /tmp/pause-amd64.tar gcr.io/google_containers/pause-amd64:3.0
4/ Upload the images to your docker registry:
docker load -i /tmp/pause-amd64.tar
docker tag gcr.io/google_containers/pause-amd64:3.0 yourdockerregistry/pause-amd64:3.0
docker push yourdockerregistry/pause-amd64:3.0
5/ On your kubernetes master (acting as the gcr.io docker registry), get the images back from your docker registry:
docker pull yourdockerregistry/pause-amd64:3.0
Then push them into the local gcr.io registry:
docker tag yourdockerregistry/pause-amd64:3.0 gcr.io/google_containers/pause-amd64:3.0
docker push gcr.io/google_containers/pause-amd64:3.0
Download all images used by kubeadm init this way; the full list is in /etc/kubernetes/manifests/*.yaml. A condensed script for these steps is sketched below.
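A condensed sketch of the same steps, run from the machine that has internet access, assuming it can push to a private registry the master can reach (the registry address is an assumption; the image tags match the v1.9.2 setup above):

```bash
# Sketch: mirror the gcr.io images kubeadm needs through a private registry.
set -euo pipefail
REGISTRY="myregistry.local:5000"   # assumption: a registry reachable from the master

IMAGES=(
  "gcr.io/google_containers/kube-apiserver-amd64:v1.9.2"
  "gcr.io/google_containers/kube-controller-manager-amd64:v1.9.2"
  "gcr.io/google_containers/kube-scheduler-amd64:v1.9.2"
  "gcr.io/google_containers/etcd-amd64:3.2.14"
  "gcr.io/google_containers/pause-amd64:3.0"
)

for img in "${IMAGES[@]}"; do
  docker pull "$img"                              # works here, where gcr.io is reachable
  docker tag  "$img" "$REGISTRY/${img#gcr.io/}"   # retag for the private registry
  docker push "$REGISTRY/${img#gcr.io/}"          # push so the master can fetch it
done
```

On the master, pull each image back from the registry and `docker tag` it to its original gcr.io/google_containers name so the kubelet finds it locally.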
Disabling SELinux helped me: https://github.com/kubernetes/kubernetes/issues/59680#issuecomment-364646304
Same issue with v1.10 on Ubuntu 16.04 on arm64.
Downgrading to 1.8.10 fixed the issue for me.
I spent so much time trying to figure this out. I disabled ufw, turned off SELinux, made sure IP forwarding is on, and also set /proc/sys/net/bridge/bridge-nf-call-iptables to 1. Nothing seemed to solve the problem.
Finally I decided to downgrade and then upgrade.
sudo apt-get -y --allow-downgrades install kubectl=1.5.3-00 kubelet=1.5.3-00 kubernetes-cni=0.3.0.1-07a8a2-00 and curl -Lo /tmp/old-kubeadm.deb https://apt.k8s.io/pool/kubeadm_1.6.0-alpha.0.2074-a092d8e0f95f52-00_amd64_0206dba536f698b5777c7d210444a8ace18f48e045ab78687327631c6c694f42.deb to downgrade from 1.10, and then just
sudo apt-get -y install kubectl kubelet kubernetes-cni kubeadm
Etcd was restarting and the api-server was timing out. After some time the api-server restarts, complaining about not being able to connect. Is there a way we can turn on DEBUG level logging? Not sure what causes this, but it's working now. I would definitely like to reproduce this and troubleshoot it.
Check the number of CPUs on the hardware you install on - 2 are required on the master, as I wrote above just over 3 weeks ago.
I had the same problem, cancelled and ran `kubeadm reset`, and then the same `init` as previously but with `--apiserver-advertise-address=<my_host_public_ip_address>`, and it worked.

For people in China who are behind THE GREAT FIREWALL: is it possible to list the images needed, so we can pull them manually through a proxy and then run `kubeadm init` again? Would that work? Because we are in China, you know, the GFW. I'm new to k8s and got stuck here while setting up on CentOS 7.
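One approach that might work, sketched below: take the image names from the static pod manifests kubeadm has already written, pull each one through whatever mirror or proxy you can reach, and retag it to the gcr.io name the kubelet expects. The mirror prefix is an assumption; substitute any registry reachable from behind the firewall.

```bash
# Sketch: pre-pull the images kubeadm init is waiting for, via a reachable mirror.
# MIRROR is an assumption -- replace it with a registry you can actually access.
set -euo pipefail
MIRROR="registry.example.com/google_containers"

# Images come from the manifests kubeadm wrote, plus the pause image the kubelet pulls implicitly.
images="$(grep -h 'image:' /etc/kubernetes/manifests/*.yaml | awk '{print $NF}') gcr.io/google_containers/pause-amd64:3.0"

for img in $images; do
  name="${img#gcr.io/google_containers/}"
  docker pull "$MIRROR/$name"            # pull through the mirror
  docker tag  "$MIRROR/$name" "$img"     # retag to the name the kubelet will look for
done
```

With the images already local, the kubelet no longer needs to reach gcr.io and `kubeadm init` can continue.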
In my case, I found that the etcd container was starting up and then exiting with an error, and this was causing `kubeadm init` to hang and eventually time out.

To check if this is biting you, run `docker ps -a` and check the status of the etcd container. If it's not running, check the logs for the etcd container (`docker logs <container-id>`) and see if it's complaining about being unable to bind to an address. See this issue report: https://github.com/kubernetes/kubernetes/issues/57709

The issue I just mentioned has a workaround, but make sure that's what you're running into first.
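A rough way to run that check in one go (the name filter is an assumption; the kubelet-created etcd container name merely contains "etcd"):

```bash
# Is the etcd static pod container running, and what do its logs say before it exits?
docker ps -a --filter "name=etcd" --format "table {{.Names}}\t{{.Status}}"
etcd_id=$(docker ps -a --filter "name=etcd" -q | head -n 1)
[ -n "$etcd_id" ] && docker logs "$etcd_id" 2>&1 | tail -n 20   # look for bind/listen errors here
```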
I have the same issue on Raspberry Pi 3, HypriotOS. Downgrading to 1.9.7-00 also worked for me.
I was able to make it work by installing v1.9.6 instead of the latest version. So it works normally with v1.9.6 but fails with v1.10.0 and v1.10.1 on Ubuntu 16.04 on arm64 on Sopine boards.
I have the same issue, CentOS 7, kubelet v1.9.3; but it seems the images were downloaded successfully. `docker images` shows:
gcr.io/google_containers/kube-apiserver-amd64 v1.9.3 360d55f91cbf 4 weeks ago 210.5 MB
gcr.io/google_containers/kube-controller-manager-amd64 v1.9.3 83dbda6ee810 4 weeks ago 137.8 MB
gcr.io/google_containers/kube-scheduler-amd64 v1.9.3 d3534b539b76 4 weeks ago 62.71 MB
gcr.io/google_containers/etcd-amd64 3.1.11 59d36f27cceb 3 months ago 193.9 MB
gcr.io/google_containers/pause-amd64 3.0 99e59f495ffa 22 months ago 746.9 kB

CentOS 7, and I set the proxy in /etc/env; kubeadm then shows:
[WARNING FileExisting-crictl]: crictl not found in system path
[WARNING HTTPProxy]: Connection to "https://192.168.1.128:6443" uses proxy "socks5://127.0.0.1:1080". If that is not intended, adjust your proxy settings
[WARNING HTTPProxyCIDR]: connection to "10.96.0.0/12" uses proxy "socks5://127.0.0.1:1080". This may lead to malfunctional cluster setup. Make sure that Pod and Services IP ranges specified correctly as exceptions in proxy configuration
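If the proxy is only needed to pull images, excluding the API server address and the cluster IP ranges from it (as the warning suggests) may help; a sketch, where the two addresses come from the warnings above and everything else is an assumption:

```bash
# Sketch: keep the proxy for image pulls but bypass it for in-cluster traffic.
# 192.168.1.128 and 10.96.0.0/12 are taken from the kubeadm warnings above; whether
# CIDR entries in NO_PROXY are honored depends on the tool reading the variable.
export NO_PROXY="127.0.0.1,localhost,192.168.1.128,10.96.0.0/12"
export no_proxy="$NO_PROXY"
sudo -E kubeadm init --kubernetes-version=v1.9.3   # -E keeps the *_PROXY variables for kubeadm
```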
I have the same issue on CentOS 7.