Unable to join k3s agent to k3s server

Hello,

I am getting the below error on the K3S server.

Sep 15 01:27:03 ip-10-0-0-62 k3s[10298]: I0915 01:27:03.325793   10298 log.go:172] http: TLS handshake error from 52.243.64.166:57992: remote error: tls: bad certificate

And on the worker node, I am getting the below errors:

Sep 15 02:16:33 k3s-worker-node-01 k3s[12153]: time="2020-09-15T02:16:33.435338130Z" level=error msg="Failed to connect to proxy" error="dial tcp 10.0.0.62:6443: connect: connection timed out"
Sep 15 02:16:33 k3s-worker-node-01 k3s[12153]: time="2020-09-15T02:16:33.435402030Z" level=error msg="Remotedialer proxy error" error="dial tcp 10.0.0.62:6443: connect: connection timed out"
Sep 15 02:16:38 k3s-worker-node-01 k3s[12153]: time="2020-09-15T02:16:38.435639362Z" level=info msg="Connecting to proxy" url="wss://10.0.0.62:6443/v1-k3s/connect"

I created a K3S server with the below commands:

curl -sfL https://get.k3s.io | sh -

and installed k3s agent on the node as below:

export NODE_TOKEN=K10e5ae49a964b013769ddd64f6541fc89de8eae6ec18ae5a6cdb432dfc59146226::server:b08cc8be4a07986ac1d062e9061ca74b
curl -sfL https://get.k3s.io | K3S_URL=https://54.252.228.96:6443 K3S_TOKEN=$NODE_TOKEN sh -

Is it possible to create a K3S without certificates or say to ignore certificates when a node wants to join the master?

P. S: I created another node and I now get an additional line. Please check the error on K3S Server:

Sep 15 03:59:35 ip-10-0-0-62 k3s[10298]: time="2020-09-15T03:59:35.061528094Z" level=error msg="Node password validation failed for 'k3s-worker-node-01', using passwd file '/var/lib/rancher/k3s/server/cred/node-passwd'"
Sep 15 03:59:40 ip-10-0-0-62 k3s[10298]: I0915 03:59:40.103066   10298 log.go:172] http: TLS handshake error from 40.115.78.91:43882: remote error: tls: bad certificate

I deleted all records for string match k3s-worker-node-01
From:

ubuntu@ip-10-0-0-62:~$ sudo cat /var/lib/rancher/k3s/server/cred/node-passwd
404e8f06c639941eec831e1abd55ffbe,ip-10-0-0-62,ip-10-0-0-62,
2cb2df57393b6aa8bbad5d707cf40b5e,k3-worker-node-01,k3-worker-node-01,
afd3639b69720d8dab7790afe6db1f64,ip-10-0-0-52,ip-10-0-0-52,
7c0598daed68bd7f4e0ca4d1f09ce4f6,vm-2,vm-2,
9aedbb269642a68c164da0b2fb6325fa,ip-10-0-0-45,ip-10-0-0-45,
007783d29bbc098fd06299b4a17aa1f0,k3s-worker-node-01,k3s-worker-node-01,

To

ubuntu@ip-10-0-0-62:~$ sudo cat /var/lib/rancher/k3s/server/cred/node-passwd
404e8f06c639941eec831e1abd55ffbe,ip-10-0-0-62,ip-10-0-0-62,
afd3639b69720d8dab7790afe6db1f64,ip-10-0-0-52,ip-10-0-0-52,
9aedbb269642a68c164da0b2fb6325fa,ip-10-0-0-45,ip-10-0-0-45,

P.S.: How can I change the private IP of the K3S server to its public IP? Is there any configuration?

Logs on K3S worker node as below:

Sep 15 07:18:42 test2 k3s[3728]: time="2020-09-15T07:18:42.148486652Z" level=info msg="Connecting to proxy" url="wss://10.0.0.62:6443/v1-k3s/connect"
Sep 15 07:20:52 test2 k3s[3728]: time="2020-09-15T07:20:52.316188066Z" level=error msg="Failed to connect to proxy" error="dial tcp 10.0.0.62:6443: connect: connection timed out"
Sep 15 07:20:52 test2 k3s[3728]: time="2020-09-15T07:20:52.316256565Z" level=error msg="Remotedialer proxy error" error="dial tcp 10.0.0.62:6443: connect: connection timed out"

There is definitely a route from worker node to master on port 6443

azureuser@test2:~$ !te
telnet 54.252.194.162 6443
Trying 54.252.194.162...
Connected to 54.252.194.162.
Escape character is '^]'.
^CConnection closed by foreign host.
azureuser@test2:~$ curl ifconfig.io
40.127.81.81
azureuser@test2:~$

having the same error here!

Not only will adding an agent to the server cause this error; adding a server to the server cluster over the public network IP will also cause an error.
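
A small triage script for the agent logs quoted in this thread, added here as an example (it is not part of the original posts and not k3s code): it compares the host in the K3S_URL used to join with the address the agent's tunnel then dials, and counts dial timeouts per address. The function names are hypothetical, and the sample input is the join URL and three journal lines copied from the first post.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Sample input copied from the first post: the K3S_URL and three agent journal lines.
JOIN_URL = "https://54.252.228.96:6443"
AGENT_LOG = '''\
Sep 15 02:16:33 k3s-worker-node-01 k3s[12153]: time="2020-09-15T02:16:33.435338130Z" level=error msg="Failed to connect to proxy" error="dial tcp 10.0.0.62:6443: connect: connection timed out"
Sep 15 02:16:33 k3s-worker-node-01 k3s[12153]: time="2020-09-15T02:16:33.435402030Z" level=error msg="Remotedialer proxy error" error="dial tcp 10.0.0.62:6443: connect: connection timed out"
Sep 15 02:16:38 k3s-worker-node-01 k3s[12153]: time="2020-09-15T02:16:38.435639362Z" level=info msg="Connecting to proxy" url="wss://10.0.0.62:6443/v1-k3s/connect"
'''

FIELD = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')  # key="quoted" or key=bare
DIAL_TIMEOUT = re.compile(r"dial tcp (\S+):\d+: .*timed out")

def parse_line(line):
    """Return the key=value fields of one k3s journal line as a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def tunnel_targets(log_text):
    """Map each address the agent tunnel dialed to its number of dial timeouts."""
    targets = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("msg") == "Connecting to proxy" and "url" in f:
            targets.setdefault(urlsplit(f["url"]).hostname, 0)
        m = DIAL_TIMEOUT.search(f.get("error", ""))
        if m:
            host = m.group(1).strip("[]")  # drop brackets around an IPv6 literal
            targets[host] = targets.get(host, 0) + 1
    return targets

def triage(join_url, log_text):
    """List tunnel targets that differ from the host in the join URL."""
    join_host = urlsplit(join_url).hostname
    findings = []
    for host, timeouts in tunnel_targets(log_text).items():
        if host == join_host:
            continue
        try:
            private = ipaddress.ip_address(host).is_private
        except ValueError:  # a hostname rather than an IP literal
            private = False
        findings.append({"join_host": join_host, "tunnel_host": host,
                         "private": private, "timeouts": timeouts})
    return findings

if __name__ == "__main__":
    for finding in triage(JOIN_URL, AGENT_LOG):
        print(finding)
```

On this thread's input it reports that the join URL pointed at 54.252.228.96 while the tunnel dialed the private address 10.0.0.62, which timed out twice.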