Problem
You tried to create a new private Google Kubernetes Engine cluster, but the creation failed as node was unable to register with primary due the error described below:
Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady.
Environment
- Private Google Kubernetes Engine Cluster
- Private google access enabled at subnet level
Solution
You must add the CNAME record (*.gcr.io = gcr.io) or remove the gcr.io (A record to 4 IPs used by private.googleapi.com) to solve this problem.
Cause
You added an A record that points "gcr.io" to the 4 IPs used by private.googleapi.com (199.36.153.8, 199.36.153.9, 199.36.153.10, 199.36.153.11), but the GCR requests can be *.gcr.io (i.e. us.gcr.io). This causes the image pull to fail for kube-system workloads, such as the init container used for install the cni plugin preving cluster from being created.
Error Reference:
[DATETIME] gke-cluster-1-default-pool-271a0bbd-5gvj kubelet[1419]: E1120 06:37:48.161556 1419 kubelet.go:2195] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is ...