I installed a node with Windows Server 2022 and ContainerD. I can run containers with ctr
and crictl
.
Now, I am following the howto sig-windows-tools/guides/guide-for-adding-windows-node.md at master · kubernetes-sigs/sig-windows-tools · GitHub.
I am getting stuck with the Join command:
kubeadm join control-plane-ip:6443 --token TOKEN --discovery-token-ca-cert-hash sha256:HASH
This is what I get:
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
W0905 09:51:06.429392 1936 initconfiguration.go:119] Usage of CRI endpoints without URL scheme is deprecated and can cause kubelet errors in the future. Automatically prepending scheme "npipe" to the "criSocket" with value "unix:///var/run/unknown.sock". Please update your configuration!
W0905 09:51:06.438944 1936 utils.go:69] The recommended value for "clusterDNS" in "KubeletConfiguration" is: [10.233.0.10]; the provided value is: [169.254.25.10]
W0905 09:51:06.440247 1936 utils.go:69] The recommended value for "authentication.x509.clientCAFile" in "KubeletConfiguration" is: \etc\kubernetes\ssl\ca.crt; the provided value is: /etc/kubernetes/ssl/ca.crt
[kubelet-start] Writing kubelet configuration to file "\\var\\lib\\kubelet\\config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "\\var\\lib\\kubelet\\kubeadm-flags.env"
[kubelet-start] Starting the kubelet
W0905 09:51:17.010738 1936 kubelet.go:43] [kubelet-start] WARNING: unable to start the kubelet service: [couldn't start service kubelet: timeout waiting for kubelet service to start]
[kubelet-start] Please ensure kubelet is reloaded and running manually.
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
[kubelet-check] Initial timeout of 40s passed.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connectex: No connection could be made because the target machine actively refused it..
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connectex: No connection could be made because the target machine actively refused it..
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connectex: No connection could be made because the target machine actively refused it..
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connectex: No connection could be made because the target machine actively refused it..
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connectex: No connection could be made because the target machine actively refused it..
Unfortunately, an error has occurred:
timed out waiting for the condition
This error is likely caused by:
- The kubelet is not running
- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)
If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
- 'systemctl status kubelet'
- 'journalctl -xeu kubelet'
error execution phase kubelet-start: timed out waiting for the condition
To see the stack trace of this error execute with --v=5 or higher
The kubelet
service gets Paused
immediately I run kubeadm join
.
I am using v1.25.6.
Any ideas?
Followup 1
In the logs I see this interestimg line:
E0905 10:27:46.181634 11644 run.go:74] "command failed" err="failed to construct kubelet dependencies: unable to load client CA file C:\\etc\\kubernetes\\ssl\\ca.crt: open C:\\etc\\kubernetes\\ssl\\ca.crt: The system cannot find the path specified."
Indeed, C:\etc\kubernetes\ssl does not exist, but C:\etc\kubernetes\pki does. How to point the Kubelet to the right path?