Kubeadm init stuck on [init] This might take a minute or longer if the control plane images have to be pulled.

[ChristianCandelaria]

Is this a BUG REPORT or FEATURE REQUEST?:

/kind bug

/sig bug

What happened:
Kubeadm init hangs at:

[init] Using Kubernetes version: v1.9.4
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks.
[WARNING FileExisting-crictl]: crictl not found in system path
[preflight] Starting the kubelet service
[certificates] Generated ca certificate and key.
[certificates] Generated apiserver certificate and key.
[certificates] apiserver serving cert is signed for DNS names [master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.56.60]
[certificates] Generated apiserver-kubelet-client certificate and key.
[certificates] Generated sa key and public key.
[certificates] Generated front-proxy-ca certificate and key.
[certificates] Generated front-proxy-client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "scheduler.conf"
[controlplane] Wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] Wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] Wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"
[init] Waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests".
[init] This might take a minute or longer if the control plane images have to be pulled.
...

What you expected to happen:
Cluster initialized. --> Kubernetes master inilized

How to reproduce it (as minimally and precisely as possible):
Install docker
Install kubeadm, kubelet, kubectl
use kubeadm init command

Anything else we need to know?:
Since yesterday when initializing a cluster it automatically used Kubernetes version: v1.9.4.
I tried forcing kubeadm to use --kubernetes-version=v1.9.3 but I still have the same issue.
Last week it was fine when I reset my Kubernetes cluster and reinitialize it again.
I found the issue yesterday when I wanted to reset my cluster again and reinitialize it and it got stuck.

I tried yum update, to update all my software, but still the same issue
I used Kubernetes v1.9.3 and after updating today... I'm using Kubernetes v1.9.4

Environment:

• Kubernetes version (use kubectl version):
  Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.4", GitCommit:"bee2d1505c4fe820744d26d41ecd3fdd4a3d6546", GitTreeState:"clean", BuildDate:"2018-03-12T16:29:47Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

• OS (e.g. from /etc/os-release):
  NAME="CentOS Linux"
  VERSION="7 (Core)"
  ID="centos"
  ID_LIKE="rhel fedora"
  VERSION_ID="7"
  PRETTY_NAME="CentOS Linux 7 (Core)"
  ANSI_COLOR="0;31"
  CPE_NAME="cpe:/o:centos:centos:7"
  HOME_URL="https://www.centos.org/"
  BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

• Kernel (e.g. uname -a):
  Linux master 3.10.0-514.el7.x86_64 Unit test coverage in Kubelet is lousy. (~30%) #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

• Install tools: Kubeadm

/kind bug

[tpepper]

/sig cluster-lifecycle

1.9.5 has the same issue
possible to investigate the issue?
what are steps we have to take in the future when an update comes out?

[Miyurz]

Same for v1.10.0 and v1.11.0 too.

# ./kubeadm init --kubernetes-version 1.10.0 
[init] Using Kubernetes version: v1.10.0
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks.
	[WARNING SystemVerification]: docker version is greater than the most recently validated version. Docker version: 18.03.0-ce. Max validated version: 17.03
	[WARNING FileExisting-crictl]: crictl not found in system path
Suggestion: go get github.com/kubernetes-incubator/cri-tools/cmd/crictl
[preflight] Starting the kubelet service
[certificates] Using the existing ca certificate and key.
[certificates] Using the existing apiserver certificate and key.
[certificates] Using the existing apiserver-kubelet-client certificate and key.
[certificates] Using the existing etcd/ca certificate and key.
[certificates] Using the existing etcd/server certificate and key.
[certificates] Using the existing etcd/peer certificate and key.
[certificates] Using the existing etcd/healthcheck-client certificate and key.
[certificates] Using the existing apiserver-etcd-client certificate and key.
[certificates] Using the existing sa key.
[certificates] Using the existing front-proxy-ca certificate and key.
[certificates] Using the existing front-proxy-client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Using existing up-to-date KubeConfig file: "/etc/kubernetes/admin.conf"
[kubeconfig] Using existing up-to-date KubeConfig file: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Using existing up-to-date KubeConfig file: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Using existing up-to-date KubeConfig file: "/etc/kubernetes/scheduler.conf"
[controlplane] Wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] Wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] Wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"
[init] Waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests".
[init] This might take a minute or longer if the control plane images have to be pulled.

[Miyurz]

on a side note, does anyone know how we can make kubeadm logs more verbose to understand what/why its actually hosed ? many thanks

[princerachit]

I followed advices from this link
First make sure you have switched off swap with sudo swapoff -a
Then add the following line if it does not exist to /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"
Restart the kubelet service and docker service with systemctl restart docker && systemctl restart kubelet.service

Now run kubeadm init

[ChristianCandelaria]

This issue often comes back on each new release of Kubernetes version.
I still don't know what causes this problem.
But since I opened this ticket the kubeadm init gets stuck on each version release
and after 3 or 4 days kubeadm init works again like an angel fixes the problem.

[nikhilno1]

I am new to kubernetes and getting the same error on CentOS 7 (v1.10.0)

Apr 5 09:50:27 es-nikhil kubelet: I0405 09:50:27.518727 2793 kubelet_node_status.go:82] Attempting to register node es-nikhil
Apr 5 09:50:27 es-nikhil kubelet: E0405 09:50:27.519031 2793 kubelet_node_status.go:106] Unable to register node "es-nikhil" with API server: Post https://10.193.104.43:6443/api/v1/nodes: dial tcp 10.193.104.43:6443: getsockopt: connection refused

Tried everything that many posts have suggested but still not able to get it to work.
There is nobody listening on port 6443. Complete log attached.
Any help appreciated. Thanks.
kube.log

[toolboc]

I am getting a similar result to @nikhilno1 when attempting to initialize a master node on a raspberry pi. Any assistance is much appreciated.

kubeadm version: &version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.0", GitCommit:"fc32d2f3698e36b93322a3465f63a14e9f0eaead", GitTreeState:"clean", BuildDate:"2018-03-26T16:44:10Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/arm"

journalctl -xeu kubectl:

Apr 06 19:45:26 k8s-master kubelet[4153]: E0406 19:45:26.314242    4153 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:451: Failed to list *v1.Service: Get https://192.168.1.184:6443/api/v1/services?limit=500&resourceVersion=0: net/http: TLS handshake timeout
Apr 06 19:45:26 k8s-master kubelet[4153]: E0406 19:45:26.316249    4153 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://192.168.1.184:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dk8s-master&limit=500&resourceVersion=0: net/http: TLS handshake timeout
Apr 06 19:45:26 k8s-master kubelet[4153]: W0406 19:45:26.322755    4153 cni.go:171] Unable to update cni config: No networks found in /etc/cni/net.d
Apr 06 19:45:26 k8s-master kubelet[4153]: E0406 19:45:26.343319    4153 kubelet.go:2125] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
Apr 06 19:45:26 k8s-master kubelet[4153]: E0406 19:45:26.597418    4153 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:460: Failed to list *v1.Node: Get https://192.168.1.184:6443/api/v1/nodes?fieldSelector=metadata.name%3Dk8s-master&limit=500&resourceVersion=0: net/http: TLS handshake timeout
Apr 06 19:45:31 k8s-master kubelet[4153]: W0406 19:45:31.352689    4153 cni.go:171] Unable to update cni config: No networks found in /etc/cni/net.d
Apr 06 19:45:31 k8s-master kubelet[4153]: E0406 19:45:31.353707    4153 kubelet.go:2125] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
Apr 06 19:45:32 k8s-master kubelet[4153]: I0406 19:45:32.378350    4153 kubelet_node_status.go:271] Setting node annotation to enable volume controller attach/detach
Apr 06 19:45:33 k8s-master kubelet[4153]: E0406 19:45:33.954306    4153 kubelet_node_status.go:106] Unable to register node "k8s-master" with API server: Post https://192.168.1.184:6443/api/v1/nodes: net/http: TLS handshake timeout
Apr 06 19:45:35 k8s-master kubelet[4153]: E0406 19:45:35.554362    4153 eviction_manager.go:246] eviction manager: failed to get get summary stats: failed to get node info: node "k8s-master" not found
Apr 06 19:45:36 k8s-master kubelet[4153]: W0406 19:45:36.359610    4153 cni.go:171] Unable to update cni config: No networks found in /etc/cni/net.d
Apr 06 19:45:36 k8s-master kubelet[4153]: E0406 19:45:36.360561    4153 kubelet.go:2125] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
Apr 06 19:45:37 k8s-master kubelet[4153]: E0406 19:45:37.322600    4153 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:451: Failed to list *v1.Service: Get https://192.168.1.184:6443/api/v1/services?limit=500&resourceVersion=0: net/http: TLS handshake timeout
Apr 06 19:45:37 k8s-master kubelet[4153]: E0406 19:45:37.325736    4153 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://192.168.1.184:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dk8s-master&limit=500&resourceVersion=0: net/http: TLS handshake timeout
Apr 06 19:45:37 k8s-master kubelet[4153]: I0406 19:45:37.379039    4153 kubelet_node_status.go:271] Setting node annotation to enable volume controller attach/detach
Apr 06 19:45:38 k8s-master kubelet[4153]: E0406 19:45:38.633877    4153 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:460: Failed to list *v1.Node: Get https://192.168.1.184:6443/api/v1/nodes?fieldSelector=metadata.name%3Dk8s-master&limit=500&resourceVersion=0: net/http: TLS handshake timeout
Apr 06 19:45:40 k8s-master kubelet[4153]: E0406 19:45:40.762656    4153 event.go:209] Unable to write event: 'Post https://192.168.1.184:6443/api/v1/namespaces/default/events: net/http: TLS handshake timeout' (may retry after sleeping)
Apr 06 19:45:40 k8s-master kubelet[4153]: E0406 19:45:40.762836    4153 event.go:144] Unable to write event '&v1.Event{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"k8s-master.1522f003ac10794d", GenerateName:"", Namespace:"default", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Initializers:(*v1.Initializers)(nil), Finalizers:[]string(nil), ClusterName:""}, InvolvedObject:v1.ObjectReference{Kind:"Node", Namespace:"", Name:"k8s-master", UID:"k8s-master", APIVersion:"", ResourceVersion:"", FieldPath:""}, Reason:"NodeHasSufficientDisk", Message:"Node k8s-master status is now: NodeHasSufficientDisk", Source:v1.EventSource{Component:"kubelet", Host:"k8s-master"}, FirstTimestamp:v1.Time{Time:time.Time{wall:0xbeaa1110a1cb654d, ext:1600396290, loc:(*time.Location)(0x4547c98)}}, LastTimestamp:v1.Time{Time:time.Time{wall:0xbeaa1110a1cb654d, ext:1600396290, loc:(*time.Location)(0x4547c98)}}, Count:1, Type:"Normal", EventTime:v1.MicroTime{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, Series:(*v1.EventSeries)(nil), Action:"", Related:(*v1.ObjectReference)(nil), ReportingController:"", ReportingInstance:""}' (retry limit exceeded!)
Apr 06 19:45:40 k8s-master kubelet[4153]: I0406 19:45:40.955172    4153 kubelet_node_status.go:271] Setting node annotation to enable volume controller attach/detach
Apr 06 19:45:40 k8s-master kubelet[4153]: I0406 19:45:40.971118    4153 kubelet_node_status.go:82] Attempting to register node k8s-master
Apr 06 19:45:41 k8s-master kubelet[4153]: W0406 19:45:41.365472    4153 cni.go:171] Unable to update cni config: No networks found in /etc/cni/net.d
Apr 06 19:45:41 k8s-master kubelet[4153]: E0406 19:45:41.366689    4153 kubelet.go:2125] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
Apr 06 19:45:42 k8s-master kubelet[4153]: I0406 19:45:42.462219    4153 kubelet_node_status.go:271] Setting node annotation to enable volume controller attach/detach
Apr 06 19:45:45 k8s-master kubelet[4153]: E0406 19:45:45.559326    4153 eviction_manager.go:246] eviction manager: failed to get get summary stats: failed to get node info: node "k8s-master" not found
Apr 06 19:45:46 k8s-master kubelet[4153]: W0406 19:45:46.372431    4153 cni.go:171] Unable to update cni config: No networks found in /etc/cni/net.d
Apr 06 19:45:46 k8s-master kubelet[4153]: E0406 19:45:46.376717    4153 kubelet.go:2125] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
Apr 06 19:45:49 k8s-master kubelet[4153]: E0406 19:45:49.353873    4153 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://192.168.1.184:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dk8s-master&limit=500&resourceVersion=0: net/http: TLS handshake timeout
Apr 06 19:45:50 k8s-master kubelet[4153]: E0406 19:45:50.713264    4153 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:460: Failed to list *v1.Node: Get https://192.168.1.184:6443/api/v1/nodes?fieldSelector=metadata.name%3Dk8s-master&limit=500&resourceVersion=0: net/http: TLS handshake timeout
Apr 06 19:45:51 k8s-master kubelet[4153]: W0406 19:45:51.383303    4153 cni.go:171] Unable to update cni config: No networks found in /etc/cni/net.d
Apr 06 19:45:51 k8s-master kubelet[4153]: E0406 19:45:51.392989    4153 kubelet.go:2125] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
Apr 06 19:45:51 k8s-master kubelet[4153]: E0406 19:45:51.833722    4153 event.go:209] Unable to write event: 'Post https://192.168.1.184:6443/api/v1/namespaces/default/events: net/http: TLS handshake timeout' (may retry after sleeping)
Apr 06 19:45:51 k8s-master kubelet[4153]: E0406 19:45:51.993251    4153 kubelet_node_status.go:106] Unable to register node "k8s-master" with API server: Post https://192.168.1.184:6443/api/v1/nodes: net/http: TLS handshake timeout
Apr 06 19:45:55 k8s-master kubelet[4153]: E0406 19:45:55.562988    4153 eviction_manager.go:246] eviction manager: failed to get get summary stats: failed to get node info: node "k8s-master" not found
Apr 06 19:45:56 k8s-master kubelet[4153]: E0406 19:45:56.211931    4153 certificate_manager.go:299] Failed while requesting a signed certificate from the master: cannot create certificate signing request: Post https://192.168.1.184:6443/apis/certificates.k8s.io/v1beta1/certificatesigningrequests: net/http: TLS handshake timeout```

[geoffgarside]

I'm getting the same. When checking docker ps I'm only seeing the apiserver being up for about a minute and then getting restarted. The logs from the apiserver look like this

Flag --admission-control has been deprecated, Use --enable-admission-plugins or --disable-admission-plugins instead. Will be removed in a future version.
Flag --insecure-port has been deprecated, This flag will be removed in a future version.
I0408 12:14:46.511153       1 server.go:135] Version: v1.10.0
I0408 12:14:46.511886       1 server.go:679] external host was not specified, using 192.168.1.200
I0408 12:15:39.952054       1 plugins.go:149] Loaded 9 admission controller(s) successfully in the following order: NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,DefaultTolerationSeconds,DefaultStorageClass,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota.
I0408 12:15:39.990920       1 master.go:228] Using reconciler: master-count
W0408 12:15:42.294537       1 genericapiserver.go:342] Skipping API batch/v2alpha1 because it has no resources.
W0408 12:15:42.399900       1 genericapiserver.go:342] Skipping API rbac.authorization.k8s.io/v1alpha1 because it has no resources.
W0408 12:15:42.413353       1 genericapiserver.go:342] Skipping API storage.k8s.io/v1alpha1 because it has no resources.
W0408 12:15:42.522536       1 genericapiserver.go:342] Skipping API admissionregistration.k8s.io/v1alpha1 because it has no resources.
[restful] 2018/04/08 12:15:43 log.go:33: [restful/swagger] listing is available at https://192.168.1.200:6443/swaggerapi
[restful] 2018/04/08 12:15:43 log.go:33: [restful/swagger] https://192.168.1.200:6443/swaggerui/ is mapped to folder /swagger-ui/
[restful] 2018/04/08 12:16:02 log.go:33: [restful/swagger] listing is available at https://192.168.1.200:6443/swaggerapi
[restful] 2018/04/08 12:16:02 log.go:33: [restful/swagger] https://192.168.1.200:6443/swaggerui/ is mapped to folder /swagger-ui/
I0408 12:16:46.589461       1 serve.go:96] Serving securely on [::]:6443
I0408 12:16:46.590531       1 crd_finalizer.go:242] Starting CRDFinalizer
I0408 12:16:46.590739       1 crd_finalizer.go:246] Shutting down CRDFinalizer
I0408 12:16:46.610096       1 controller.go:84] Starting OpenAPI AggregationController
I0408 12:16:46.610214       1 controller.go:90] Shutting down OpenAPI AggregationController
I0408 12:16:46.610434       1 crdregistration_controller.go:110] Starting crd-autoregister controller
I0408 12:16:46.620929       1 controller_utils.go:1019] Waiting for caches to sync for crd-autoregister controller
E0408 12:16:46.621160       1 controller_utils.go:1022] Unable to sync caches for crd-autoregister controller
I0408 12:16:46.621246       1 crdregistration_controller.go:115] Shutting down crd-autoregister controller
I0408 12:16:46.642881       1 customresource_discovery_controller.go:174] Starting DiscoveryController
E0408 12:16:46.652046       1 customresource_discovery_controller.go:177] timed out waiting for caches to sync
I0408 12:16:46.652148       1 customresource_discovery_controller.go:178] Shutting down DiscoveryController
I0408 12:16:46.652288       1 naming_controller.go:276] Starting NamingConditionController
I0408 12:16:46.652380       1 naming_controller.go:280] Shutting down NamingConditionController
I0408 12:16:46.651594       1 apiservice_controller.go:90] Starting APIServiceRegistrationController
I0408 12:16:46.654368       1 cache.go:32] Waiting for caches to sync for APIServiceRegistrationController controller
E0408 12:16:46.654485       1 cache.go:35] Unable to sync caches for APIServiceRegistrationController controller
I0408 12:16:46.654559       1 apiservice_controller.go:94] Shutting down APIServiceRegistrationController
I0408 12:16:46.665820       1 available_controller.go:262] Starting AvailableConditionController
I0408 12:16:46.665943       1 cache.go:32] Waiting for caches to sync for AvailableConditionController controller
E0408 12:16:46.666085       1 cache.go:35] Unable to sync caches for AvailableConditionController controller
I0408 12:16:46.666172       1 available_controller.go:266] Shutting down AvailableConditionController
I0408 12:16:46.802095       1 serve.go:136] Stopped listening on [::]:6443
E0408 12:16:48.482319       1 storage_rbac.go:157] unable to initialize clusterroles: Get https://127.0.0.1:6443/apis/rbac.authorization.k8s.io/v1/clusterroles: dial tcp 127.0.0.1:6443: getsockopt: connection refused
E0408 12:16:48.916921       1 client_ca_hook.go:78] Post https://127.0.0.1:6443/api/v1/namespaces: dial tcp 127.0.0.1:6443: getsockopt: connection refused

this is while waiting for kubeadm init to finish, it eventually stalls and exits. I've tried applying a pod network manifest while init is waiting, that seems to be a suggestion in other issues, but that fails as the api server isn't available. Either the address:port isn't being listened on, or the connection times out due to TLS handshake timeout.

The apiserver container is exiting with a code 137.

[rhuss]

I experience the same issue with kubeadm 1.10.0 on raspi3 (hypriot os 1.8.0) but also see the kube-apiserver & etcd process running at full blast CPU:

 PID  USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
24110 root      20   0  804136  26984  10284 R 217.9  2.8   1:01.00 etcd
24019 root      20   0  931116 168132  42464 S 170.1 17.7   2:07.47 kube-apiserver
....

Load of the pi even after 20 minutes running is load average: 6.31, 5.16, 4.66

This even continues after kubeadm init bailed out. There's nothing suspicious in those containers log though.