使用kk命令创建高可用集群失败

rocky

创建部署问题时，请参考下面模板，你提供的信息越多，越容易及时获得解答。如果未按模板创建问题，管理员有权关闭问题。
确保帖子格式清晰易读，用 markdown code block 语法格式化代码块。
你只花一分钟创建的问题，不能指望别人花上半个小时给你解答。

操作系统信息
aws云主机 centos7.9

Kubernetes版本信息
将 kubectl version 命令执行结果贴在下方

1.21.5

容器运行时
将 docker version / crictl version / nerdctl version 结果贴在下方

运行kk命令自动安装

KubeSphere版本信息
还未安装

问题是什么

通过aws部署高空用集群，使用kk命令创建集群。

参考之前的部署文档，在aws部署高可用集群

curl -sfL https://get-kk.kubesphere.io | VERSION=v1.2.0 sh -

./kk create config -f config-HA.yaml

./kk init os -f config-HA.yaml

./kk create cluster -f config-HA.yaml

[reset] Reading configuration from the cluster…

[reset] FYI: You can look at this config file with ‘kubectl -n kube-system get cm kubeadm-config -o yaml’

W0627 12:13:13.274097 18235 reset.go:99] [reset] Unable to fetch the kubeadm-config ConfigMap from cluster: failed to get config map: Get “https://lb.kubesphere.local:6443/api/v1/namespaces/kube-system/configmaps/kubeadm-config?timeout=10s”: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

[preflight] Running pre-flight checks

W0627 12:13:13.274254 18235 removeetcdmember.go:79] [reset] No kubeadm config, using etcd pod spec to get data directory

[reset] No etcd config found. Assuming external etcd

[reset] Please, manually reset etcd to prevent further issues

[reset] Stopping the kubelet service

[reset] Unmounting mounted directories in “/var/lib/kubelet”

[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]

[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]

[reset] Deleting contents of stateful directories: [/var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.

If you wish to reset iptables, you must do so manually by using the “iptables” command.

If your cluster was setup to utilize IPVS, run ipvsadm –clear (or similar)

to reset your system’s IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.

Please, check the contents of the $HOME/.kube/config file.

ERRO[12:17:39 CST] Failed to init kubernetes cluster: Failed to exec command: sudo env PATH=$PATH:/sbin:/usr/sbin /bin/sh -c “/usr/local/bin/kubeadm init –config=/etc/kubernetes/kubeadm-config.yaml –ignore-preflight-errors=FileExisting-crictl”

W0627 12:13:15.216098 18504 utils.go:69] The recommended value for “clusterDNS” in “KubeletConfiguration” is: [10.233.0.10]; the provided value is: [169.254.25.10]

[init] Using Kubernetes version: v1.21.5

[preflight] Running pre-flight checks

[preflight] Pulling images required for setting up a Kubernetes cluster

[preflight] This might take a minute or two, depending on the speed of your internet connection

[preflight] You can also perform this action in beforehand using ‘kubeadm config images pull’

[certs] Using certificateDir folder “/etc/kubernetes/pki”

[certs] Generating “ca” certificate and key

[certs] Generating “apiserver” certificate and key

[certs] apiserver serving cert is signed for DNS names [k8s-master1 k8s-master1.cluster.local k8s-master2 k8s-master2.cluster.local k8s-master3 k8s-master3.cluster.local kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local lb.kubesphere.local localhost] and IPs [10.233.0.1 192.168.1.117 127.0.0.1 192.168.1.50 192.168.1.71 192.168.1.39]

[certs] Generating “apiserver-kubelet-client” certificate and key

[certs] Generating “front-proxy-ca” certificate and key

[certs] Generating “front-proxy-client” certificate and key

[certs] External etcd mode: Skipping etcd/ca certificate authority generation

[certs] External etcd mode: Skipping etcd/server certificate generation

[certs] External etcd mode: Skipping etcd/peer certificate generation

[certs] External etcd mode: Skipping etcd/healthcheck-client certificate generation

[certs] External etcd mode: Skipping apiserver-etcd-client certificate generation

[certs] Generating “sa” key and public key

[kubeconfig] Using kubeconfig folder “/etc/kubernetes”

[kubeconfig] Writing “admin.conf” kubeconfig file

[kubeconfig] Writing “kubelet.conf” kubeconfig file

[kubeconfig] Writing “controller-manager.conf” kubeconfig file

[kubeconfig] Writing “scheduler.conf” kubeconfig file

[kubelet-start] Writing kubelet environment file with flags to file “/var/lib/kubelet/kubeadm-flags.env”

[kubelet-start] Writing kubelet configuration to file “/var/lib/kubelet/config.yaml”

[kubelet-start] Starting the kubelet

[control-plane] Using manifest folder “/etc/kubernetes/manifests”

[control-plane] Creating static Pod manifest for “kube-apiserver”

[control-plane] Creating static Pod manifest for “kube-controller-manager”

[control-plane] Creating static Pod manifest for “kube-scheduler”

[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory “/etc/kubernetes/manifests”. This can take up to 4m0s

[kubelet-check] Initial timeout of 40s passed.

Unfortunately, an error has occurred:

	timed out waiting for the condition

This error is likely caused by:

	- The kubelet is not running

	- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:

	- 'systemctl status kubelet'

	- 'journalctl -xeu kubelet'

Additionally, a control plane component may have crashed or exited when started by the container runtime.

To troubleshoot, list all containers using your preferred container runtimes CLI.

Here is one example how you may list all Kubernetes containers running in docker:

	- 'docker ps -a | grep kube | grep -v pause'

	Once you have found the failing container, you can inspect its logs with:

	- 'docker logs CONTAINERID'

error execution phase wait-control-plane: couldn’t initialize a Kubernetes cluster

To see the stack trace of this error execute with –v=5 or higher: Process exited with status 1 node=192.168.1.117

WARN[12:17:39 CST] Task failed …

WARN[12:17:39 CST] error: interrupted by error

Error: Failed to init kubernetes cluster: interrupted by error

Usage:

kk create cluster [flags]

Flags:

  --container-manager string   Container runtime: docker, crio, containerd and isula. (default "docker")

  --download-cmd string        The user defined command to download the necessary binary files. The first param '%s' is output path, the second param '%s', is the URL (default "curl -L -o %s %s")

-f, –filename string Path to a configuration file

-h, –help help for cluster

  --skip-pull-images           Skip pre pull images

  --with-kubernetes string     Specify a supported version of kubernetes (default "v1.21.5")

  --with-kubesphere            Deploy a specific version of kubesphere (default v3.2.0)

  --with-local-storage         Deploy a local PV provisioner

-y, –yes Skip pre-check of the installation

Global Flags:

  --debug        Print detailed information (default true)

  --in-cluster   Running inside the cluster

Failed to init kubernetes cluster: interrupted by error

24sama

rocky
systemctl status kubelet 可以排查一下问题。

可能是你的lb有问题，访问超时了

rocky

安全组是打开的6443端口

网络接口：

运行KK命令的时候，在目标群组也能看到 k8s-master1节点在线，后面就处于不健康状态。

24sama

rocky
看kubelet日志应该是连不上lb这个地址