k8s 重新生成token加入集群
2021-01-05 本文已影响0人
明天你好_ee9a
master节点重新生成token:
[root@master ~]# kubeadm token create
W0106 10:20:29.756683 10795 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
4fjude.9oz1cklt476y8jvr
[root@master ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
4fjude.9oz1cklt476y8jvr 23h 2021-01-07T10:20:29+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
master节点获取ca证书sha256编码hash值
[root@master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
228a3d716882edbf32c1598474c175763220a8fee609ec8d453215cdb6e7cbf2
node节点加入集群
[root@k8snode1 kubernetes]# kubeadm join 10.186.129.19:6443 --token 4fjude.9oz1cklt476y8jvr --discovery-token-ca-cert-hash sha256:228a3d716882edbf32c1598474c175763220a8fee609ec8d453215cdb6e7cbf2
[preflight] Running pre-flight checks
error execution phase preflight: couldn't validate the identity of the API Server: Get "https://10.186.129.19:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s": x509: certificate is valid for 10.96.0.1, 192.168.0.7, not 10.186.129.19
To see the stack trace of this error execute with --v=5 or higher
[root@k8snode1 kubernetes]# kubeadm join 192.168.0.7:6443 --token 4fjude.9oz1cklt476y8jvr --discovery-token-ca-cert-hash sha256:228a3d716882edbf32c1598474c175763220a8fee609ec8d453215cdb6e7cbf2
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
在master节点查看
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8snode1 Ready <none> 10m v1.19.0
master Ready master 53d v1.19.0
