【Kubernetes】kubernetes join 卡住 token过期
kubeadm join增加worker节点时,卡住
[root@k8snode3 ~]# kubeadm join 192.168.4.3:6443 --token gzx56q.02rt3ghr4n3prwha --discovery-token-ca-cert-hash sha256:64102605b5e017e5578860869ca712e1fabaf4848aed0bea8d0e86d59c7676d
W0811 18:10:55.200431 1751 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
然后就不动了,检查了一下原因是token过期了。下面说一下解决办法
1,在master节点查看token
-
kubeadm token list //没token
2,创建token
[root@k8smaster ~]# kubeadm token create --ttl 0
W0811 18:15:00.787901 26706 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
ys8j6c.oy25pk1tquc483o7
[root@k8smaster ~]# kubeadm token create
W0811 18:33:05.668513 34031 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
ojilq8.4jzajdmpvt4le0ns
[root@k8smaster ~]# kubeadm token list delete ys8j6c.oy25pk1tquc483o7
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
74jycq.pntm0wmvu0dupm9v <forever> <never> authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
ojilq8.4jzajdmpvt4le0ns 23h 2020-08-12T18:33:05+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
**注意:TTL,一个显示forever(永久),一个显示23H**
3,查看token
[root@k8smaster ~]# ll /etc/kubernetes/pki/
总用量 56
-rw-r--r--. 1 root root 1220 6月 12 14:28 apiserver.crt
-rw-r--r--. 1 root root 1090 6月 12 14:28 apiserver-etcd-client.crt
-rw-------. 1 root root 1679 6月 12 14:28 apiserver-etcd-client.key
-rw-------. 1 root root 1675 6月 12 14:28 apiserver.key
-rw-r--r--. 1 root root 1099 6月 12 14:28 apiserver-kubelet-client.crt
-rw-------. 1 root root 1679 6月 12 14:28 apiserver-kubelet-client.key
-rw-r--r--. 1 root root 1025 6月 12 14:28 ca.crt
-rw-------. 1 root root 1679 6月 12 14:28 ca.key
drwxr-xr-x. 2 root root 162 6月 12 14:28 etcd
-rw-r--r--. 1 root root 1038 6月 12 14:28 front-proxy-ca.crt
-rw-------. 1 root root 1675 6月 12 14:28 front-proxy-ca.key
-rw-r--r--. 1 root root 1058 6月 12 14:28 front-proxy-client.crt
-rw-------. 1 root root 1679 6月 12 14:28 front-proxy-client.key
-rw-------. 1 root root 1675 6月 12 14:28 sa.key
-rw-------. 1 root root 451 6月 12 14:28 sa.pub
[root@k8smaster ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
64102605b5e017e5578860869ca712e1fabaf4848aed0b6ea8d0e86d59c7676d
4,worker节点执行join
[root@k8snode3 system]# kubeadm join 192.168.4.3:6443 --token 74jycq.pntm0wmvu0dupm9v --discovery-token-ca-cert-hash sha256:64102605b5e017e5578860869ca712e1fabaf4848aed0b6ea8d0e86d59c7676d
5,master节点查看
[root@k8smaster ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8smaster Ready master 60d v1.18.3
k8snode1 Ready <none> 60d v1.18.3
k8snode2 Ready <none> 60d v1.18.3
k8snode3 Ready <none> 8m19s v1.18.3