Score:1

Server

K8s: discovery Failed to request cluster-info (forbidden)

guettli

5/21/23, 3:53 PM

The command kubeadm join 192.168.178.38:6443 ... fails

The host/port is reachable. I tested it with telnet.

But I get this on the node:

[discovery] Failed to request cluster-info, will try again: 
    configmaps "cluster-info" is forbidden: 
    User "system:anonymous" cannot get resource "configmaps" in API group "" 
    in the namespace "kube-public"

Where can I find the logs on the control-plane (master-node)?

Maybe I can find more details there way the request failed.

460

0 + 0

kubernetes

kubeadm

mdaniel

5/22/23, 2:20 AM

It's almost certainly that your join-token has expired; they're time bounded unless you take steps to make them last longer

guettli

5/22/23, 2:52 PM

@mdaniel I don't think so. I created a new token just some minutes ago. Since I don't like guessing, I would like to have a look at the logs of the control-plane to see if I can find more details there. But how to get the logs of the control-plane?

mdaniel

5/22/23, 5:51 PM

No one can possibly give you an accurate general answer to that question, given the literally infinite ways one could possibly run the control plane. But, in sane containerized setups, it would be `kubectl -n kube-system logs $apiserver_pod_name`, or `docker logs $apiserver_cid`, or `ctr logs $apiserver_cid` as one would expect. In this specific case, however, you'll get a lot more mileage out of cranking up the `kubeadm` verbosity, since it is failing to provide the credentials (that's why `system:anonymous` is in the response). You'll benefit from seeing if _you_ can read `cluster-info`, too

Rajesh Dutta

5/23/23, 11:12 AM

This problem is related to the access permission of the token. How are you generating the token? Are you using this command? kubeadm token create --print-join-command

Wytrzymały Wiktor

5/26/23, 1:56 PM

Hello @guettli. Any updates?

guettli

5/26/23, 6:50 PM

@WytrzymałyWiktor yes I created an answer, but I guess it would help you.

Score:1

Server

guettli

5/26/23, 6:50 PM

In my case there was something wrong with the hostname.

I installed the virtual-machine master with the name k8s.

But in the book I use for learning it is called k8scp.

So I renamed the virtual-machine.

This resulted into the above error message.

Then I re-installed the VM with the name k8scp and then it worked.

Unfortunately I don't know the real root-cause, since re-installing is not an option in most cases :-)

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: K8s: discovery Failed to request cluster-info (forbidden)

TH: K8s: การค้นพบล้มเหลวในการขอข้อมูลคลัสเตอร์ (ถูกห้าม)

RO: K8s: descoperire Nu s-a putut solicita informații despre cluster (interzis)

RU: K8s: обнаружение не удалось запросить информацию о кластере (запрещено)

VI: K8s: khám phá Không thể yêu cầu thông tin cụm (bị cấm)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.