【Kubernetes】kubernetes join 卡住 token过期


【Kubernetes】kubernetes join 卡住 token过期

kubeadm join增加worker节点时,卡住

[root@k8snode3 ~]# kubeadm join 192.168.4.3:6443 --token gzx56q.02rt3ghr4n3prwha     --discovery-token-ca-cert-hash sha256:64102605b5e017e5578860869ca712e1fabaf4848aed0bea8d0e86d59c7676d 
W0811 18:10:55.200431    1751 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/

然后就不动了,检查了一下原因是token过期了。下面说一下解决办法

1,在master节点查看token

  1. kubeadm token list //没token

2,创建token

[root@k8smaster ~]# kubeadm token create --ttl 0
W0811 18:15:00.787901   26706 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
ys8j6c.oy25pk1tquc483o7



[root@k8smaster ~]# kubeadm token create
W0811 18:33:05.668513   34031 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
ojilq8.4jzajdmpvt4le0ns
 [root@k8smaster ~]# kubeadm token list delete ys8j6c.oy25pk1tquc483o7
TOKEN                     TTL         EXPIRES   USAGES                   DESCRIPTION                                                EXTRA GROUPS
74jycq.pntm0wmvu0dupm9v   <forever>   <never>   authentication,signing   <none>                                                     system:bootstrappers:kubeadm:default-node-token
ojilq8.4jzajdmpvt4le0ns   23h         2020-08-12T18:33:05+08:00   authentication,signing   <none>                                                     system:bootstrappers:kubeadm:default-node-token  
**注意:TTL,一个显示forever(永久),一个显示23H**

3,查看token

[root@k8smaster ~]# ll /etc/kubernetes/pki/
总用量 56
-rw-r--r--. 1 root root 1220 6月  12 14:28 apiserver.crt
-rw-r--r--. 1 root root 1090 6月  12 14:28 apiserver-etcd-client.crt
-rw-------. 1 root root 1679 6月  12 14:28 apiserver-etcd-client.key
-rw-------. 1 root root 1675 6月  12 14:28 apiserver.key
-rw-r--r--. 1 root root 1099 6月  12 14:28 apiserver-kubelet-client.crt
-rw-------. 1 root root 1679 6月  12 14:28 apiserver-kubelet-client.key
-rw-r--r--. 1 root root 1025 6月  12 14:28 ca.crt
-rw-------. 1 root root 1679 6月  12 14:28 ca.key
drwxr-xr-x. 2 root root  162 6月  12 14:28 etcd
-rw-r--r--. 1 root root 1038 6月  12 14:28 front-proxy-ca.crt
-rw-------. 1 root root 1675 6月  12 14:28 front-proxy-ca.key
-rw-r--r--. 1 root root 1058 6月  12 14:28 front-proxy-client.crt
-rw-------. 1 root root 1679 6月  12 14:28 front-proxy-client.key
-rw-------. 1 root root 1675 6月  12 14:28 sa.key
-rw-------. 1 root root  451 6月  12 14:28 sa.pub
[root@k8smaster ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'  
64102605b5e017e5578860869ca712e1fabaf4848aed0b6ea8d0e86d59c7676d

4,worker节点执行join

[root@k8snode3 system]# kubeadm join 192.168.4.3:6443 --token 74jycq.pntm0wmvu0dupm9v     --discovery-token-ca-cert-hash sha256:64102605b5e017e5578860869ca712e1fabaf4848aed0b6ea8d0e86d59c7676d   

5,master节点查看

[root@k8smaster ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8smaster Ready master 60d v1.18.3
k8snode1 Ready <none> 60d v1.18.3
k8snode2 Ready <none> 60d v1.18.3
k8snode3 Ready <none> 8m19s v1.18.3