kubeadm join fails to request cluster info (forbidden)

Created on 13 Jun 2017  路  5Comments  路  Source: kubernetes/kubeadm

What keywords did you search in kubeadm issues before filing this one?

Related to https://github.com/kubernetes/kubeadm/issues/223 , but the proposed solution doesn't fix the problem.

Is this a BUG REPORT or FEATURE REQUEST?

BUG REPORT

Versions

kubeadm version (use kubeadm version):
master: kubeadm version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:33:17Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"} d0603

slave: kubeadm version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:33:17Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}

Environment:

  • Kubernetes version (use kubectl version): Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:44:27Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:33:17Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
  • Cloud provider or hardware configuration: VPS in corporate datacenter
  • OS (e.g. from /etc/os-release): Ubuntu 16.04
  • Kernel (e.g. uname -a): Linux NAME 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
  • Others: I installed calico with kubectl apply -f http://docs.projectcalico.org/v2.3/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml

What happened?

Following this guide https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/ I would like to add a node to my cluster with kubeadm join.
This returns the following output:

[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Running pre-flight checks
[discovery] Trying to connect to API Server "IP_ADDRESS:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://IP_ADDRESS:6443"
[discovery] Failed to request cluster info, will try again: [Get https://IP_ADDRESS:6443/api/v1/namespaces/kube-public/configmaps/cluster-info: Forbidden]

What you expected to happen?

I expected the node to connect to master

How to reproduce it (as minimally and precisely as possible)?

Follow the documentation linked above.

  1. Install docker from repository
  2. Set docker proxies
  3. Install kubectl binary via curl
  4. Install kubeadm as described in the guide
  5. Run the kubeadm post-install steps
  6. Try to run kubeadm join from the node

Anything else we need to know?

nmap says that port 6443 on master is open 

PORT     STATE SERVICE
6443/tcp open  unknown
picture Steffen911

Most helpful comment

Solution: Execute join command with no_proxy: no_proxy=IP_ADDRESS kubeadm join [...]

picture Steffen911 on 14 Jun 2017
👍8

All 5 comments

If I pass a Hostname instead of an IP to the join operation fails in the second step:

$ kubeadm join --token TOKEN.TOKEN HOSTNAME:6443

[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Running pre-flight checks
[discovery] Trying to connect to API Server "HOSTNAME:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://HOSTNAME:6443"
[discovery] Cluster info signature and contents are valid, will use API Server "https://HOSTNAME:6443"
[discovery] Successfully established connection with API Server "HOSTNAME:6443"
failed to check server version: Get https://IP_ADDRESS:6443/version: Forbidden

On the check of the server version it falls back to IP address though. Is this a configuration issue? Is it possible to initialize the root with a hostname instead of its IP address?

Steffen911 picture Steffen911 on 14 Jun 2017

Solution: Execute join command with no_proxy: no_proxy=IP_ADDRESS kubeadm join [...]

Steffen911 picture Steffen911 on 14 Jun 2017
👍8

@Steffen911 . I am getting the same issue. Could you please let me know what does no_proxy=IP_ADDRESS means which IP_ADDRESS you are talking about?

Below the output of netstat -tulnp | grep 6443 on master :
tcp6 0 0 :::6443 :::* LISTEN 12181/kube-apiserve

satyamsah picture satyamsah on 18 Nov 2017

@satyamsah If you see this problem it most likely means that you are behind a proxy that blocks connections to your k8s-master.
If you set no_proxy=IP_ADDRESS where IP_ADDRESS is the public IP of your k8s-master-node it ignores your proxy settings for this call.

Steffen911 picture Steffen911 on 18 Nov 2017

@Steffen911 I tried with no_proxy..... still receive the same error

charanreddy18-vk picture charanreddy18-vk on 21 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ep4eg picture ep4eg  路  3Comments
ggaaooppeenngg picture ggaaooppeenngg  路  4Comments
mattmoyer picture mattmoyer  路  4Comments
kvaps picture kvaps  路  3Comments
cnmade picture cnmade  路  4Comments