kubernetes - Kubernetes：无法加入不同的子网 - TLS Bootstrap 超时

问题描述

我在 AWS 上有两台 Ubuntu 18.04 服务器机器（网络配置没问题，我什至可以通过 SSH 在它们之间进行连接，但它们位于同一 LAN 的不同子网上）。Ubuntu 防火墙也被禁用。

M1：172.31.32.210/255.255.240.0 -> 172.31.32.0/20 

M2：172.31.20.59/255.255.240.0 -> 172.31.16.0/20

我在master上执行的命令：

sudo kubeadm init --pod-network-cidr=192.168.0.0/16 --apiserver-cert-extra-sans=17
2.31.32.210
# After that
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config  

我注意到，由于它们位于不同的子网上，我需要创建一个 Calico 节点来实现它们之间的通信：https ://docs.projectcalico.org/getting-started/kubernetes/quickstart

完成所有这些之后，我介绍了返回 init procudure 的 kubeadm join 命令，出现以下消息...无法建立连接：

ubuntu@ip-175-31-20-59:~$ sudo kubeadm join 172.31.45.77:6443 --token yht6uv.zrynwczvad9ra5e4     --discovery-token-ca-cert-hash sha256:6f4f3e98067151768d1339b52159b5469cb83511ad6ea31dc26e15e8631074f6
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
[kubelet-check] Initial timeout of 40s passed.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.
error execution phase kubelet-start: error uploading crisocket: timed out waiting for the condition
To see the stack trace of this error execute with --v=5 or higher

我已经学习了许多教程（例如this或this），但是当我在 worker 上执行 join 命令时，我总是发现相同的问题，即 TLS Bootstrap。任何想法？

标签： kubernetesproject-calico