Kubeadm join on windows is failing since Kubelet is down

Hello community.

I am trying to deploy an on prem Kubernetes cluster with ubuntu and windows machine.
the setup I have is the following:
Kubernetes version: 1.28
containerD version: 1.7(windows) and 1.6(linux)
container runtime: ContainerD
windows-sorker: Windows Server 2022 21H2
Contorl-node: ubuntu 22.04
linux worker: ubuntu 22.04
initialization by kubeadm

Issue starts here:
After installing containerd using the powershell script provided by ContainerD Setup
And installing kubernetes tools using the sig-windows-tools powershell script.
I ran the join script provided by my control node:

kubeadm join 192.168.x.x:6443 --token TOKEN --discovery-token-ca-cert-hash sha256:HASH --cri-socket="npipe:////./pipe/containerd-containerd"

here is the output:

[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
W0207 14:55:30.736204    3388 initconfiguration.go:120] Usage of CRI endpoints without URL scheme is deprecated and can cause kubelet errors in the future. Automatically prepending scheme "npipe" to the "criSocket" with value "unix:///var/run/unknown.sock". Please update your configuration!
W0207 14:55:30.740074    3388 utils.go:69] The recommended value for "authentication.x509.clientCAFile" in "KubeletConfiguration" is: \etc\kubernetes\pki\ca.crt; the provided value is: /etc/kubernetes/pki/ca.crt
[kubelet-start] Writing kubelet configuration to file "\\var\\lib\\kubelet\\config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "\\var\\lib\\kubelet\\kubeadm-flags.env"
[kubelet-start] Starting the kubelet
W0207 14:55:41.047667    3388 kubelet.go:43] [kubelet-start] WARNING: unable to start the kubelet service: [couldn't start service kubelet: timeout waiting for kubelet service to start]
[kubelet-start] Please ensure kubelet is reloaded and running manually.
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
[kubelet-check] Initial timeout of 40s passed.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connectex: No connection could be made because the target machine actively refused it..
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connectex: No connection could be made because the target machine actively refused it..
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connectex: No connection could be made because the target machine actively refused it..
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connectex: No connection could be made because the target machine actively refused it..
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connectex: No connection could be made because the target machine actively refused it..

Unfortunately, an error has occurred:
        timed out waiting for the condition

This error is likely caused by:
        - The kubelet is not running
        - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
        - 'systemctl status kubelet'
        - 'journalctl -xeu kubelet'
error execution phase kubelet-start: timed out waiting for the condition
To see the stack trace of this error execute with --v=5 or higher

Investigation:
after investigating a bit i found that the kublet service paused. I tried to get an output of the error by running kubelet command, and this is the error i found:

E0207 15:09:40.843756    7096 run.go:74] "command failed" err="failed to validate kubelet configuration, error: [invalid configuration: CgroupsPerQOS (--cgroups-per-qos) true is not supported on Windows, invalid configuration: EnforceNodeAllocatable (--enforce-node-allocatable) [pods] is not supported on Windows], path: &TypeMeta{Kind:,APIVersion:,}"

I am trying to join a windows machine to an existing cluster using Kubeadm

1 Like

This blog post from James seem a bit old. I’d recommend you follow the updated guidance here: sig-windows-tools/guides/guide-for-adding-windows-node.md at master · kubernetes-sigs/sig-windows-tools (github.com)