kubernetes: kubernetes - Couldn't able to join master node - error execution phase preflight: couldn't validate the identity of the API Server

What happened: After setting up the master node, worker node couldn’t able to join the master. I get the error message - “couldn’t validate the identity of the API Server”

Here are the details - I am using VMs

  1. master - 2cpu, 2 GB memory
  2. worker - 1 cpu, 1 GB memory
  3. OS - ubuntu - Ubuntu 18.04.3 LTS- hashicorp/bionic64

I did setup the master node successfully and i can see it is up and running

vagrant@master:~$ kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   29m   v1.18.2

Here is token which i have generated

vagrant@master:~$ kubeadm token create --print-join-command
W0419 13:45:52.513532   16403 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 10.0.2.15:6443 --token xuz63z.todnwgijqb3z1vhz     --discovery-token-ca-cert-hash sha256:d4dadda6fa90c94eca1c8dcd3a441af24bb0727ffc45c0c27161ee8f7e883521

Issue- But when i try to join it from the worker node i get

vagrant@worker:~$ sudo kubeadm join 10.0.2.15:6443 --token xuz63z.todnwgijqb3z1vhz     --discovery-token-ca-cert-hash sha256:d4dadda6fa90c94eca1c8dcd3a441af24bb0727ffc45c0c27161ee8f7e883521 
W0419 13:46:17.651819   15987 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
error execution phase preflight: couldn't validate the identity of the API Server: Get https://10.0.2.15:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s: dial tcp 10.0.2.15:6443: connect: connection refused
To see the stack trace of this error execute with --v=5 or higher

Ports occupied on the master node

10.0.2.15:2379 
10.0.2.15:2380 
10.0.2.15:68

Note - I am using CNI from - kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

What you expected to happen: Worker node should be able to join master node

How to reproduce it (as minimally and precisely as possible): I pretty much followed standard steps to setup master and worker node.

Anything else we need to know?:

Environment:

  • Kubernetes version (use kubectl version): kubeadm version: &version.Info{Major:“1”, Minor:“18”, GitVersion:“v1.18.2”, GitCommit:“52c56ce7a8272c798dbc29846288d7cd9fbae032”, GitTreeState:“clean”, BuildDate:“2020-04-16T11:54:15Z”, GoVersion:“go1.13.9”, Compiler:“gc”, Platform:“linux/amd64”}
  • Cloud provider or hardware configuration: I am using VMs
  • OS (e.g: cat /etc/os-release):Ubuntu 18.04.3 LTS - hashicorp/bionic64
  • Kernel (e.g. uname -a): Linux 4.15.0-58-generic
  • Install tools:
  • Network plugin and version (if this is a network-related bug): Using CNI from https://docs.projectcalico.org/manifests/calico.yaml
  • Others:

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 27 (4 by maintainers)

Most upvoted comments

dial tcp 10.0.2.15:6443: connect: connection refused indicates the node is having trouble accessing the master via networking. Can you run nc -zv 10.0.2.15 6443 from the node and paste the output?

+1
quercy on Apr 22, 2020
Read more comments on GitHub
← kubernetes: kubeproxy ipvs updates are slow and seems to be affected by node load.
kubernetes: Kubernetes 1.0.0 apiserver using http got errors →