kubeadm join Failed to request cluster info

Question

I have two server to work as master and work node on AWS Cloud Setup.

master node
  17.51.233.41
work node
  17.51.34.188

In master node, I success using kubeadm init to setup with Calico network. It report message code for me to join other node

kubeadm join 172.31.43.44:6443 --token XXX \
    --discovery-token-ca-cert-hash sha256:XXX

But when I try to using this code to join work node, it seems cannot access to this ip port 172.31.43:6443, and report error message below.

I0124 11:38:19.807720    
6665 token.go:191] [discovery] Failed to connect to API Server "172.31.43.44:6443": 
Get https://172.31.43.44:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s: 
context deadline exceeded (Client.Timeout exceeded while awaiting headers)

How can I connect work node to the master?

Answer 1

If you're behind the proxy servers, then make the file:

/etc/systemd/system/containerd.service.d/http-proxy.conf

put the following lines in the file, and restart the daemon & containerd:

[Service]
Environment="HTTP_PROXY=http://server-ip:8080"
Environment="HTTPS_PROXY=http://server-ip:8080"
Environment="NO_PROXY=localhost,master-node-ip"
Environment="master-node-ip"

systemctl daemon-reload
systemctl restart containerd

Also,

export no_proxy=127.0.0.1,localhost,master-node-ip
export https_proxy=http://master-node-ip:8080
export http_proxy=http://master-node-ip:8080

After then try to join to the master node, it shall work.

Answer 2

I think you need to allow traffic from worker to master by creating application security group in AWS EC2 dashboard. Here is the documentation on how to create security group for EC2 instance.

Answer 3

Master node & worker node should be reachable to each other - and should be in same subnet - example if master node having IP - 17.51.233.41/24 then worker node should be somewhere 17.51.233.X/24.