I created a Kubernetes cluster a few days ago with 1 Master and 1 worker Node. Now I want to add another node to the cluster, but the token printed by the original "kubeadm init" on the master has expired (by default after 24 hours).
The "kubeadm join" command has a "--discovery-file" flag. It takes a config file and I have tried with the format I found here:
https://github.com/kubernetes/kubeadm/blob/master/docs/design/design_v1.8.md
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <really long certificate data>
    server: https://10.138.0.2:6443
  name: ""
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []
I copied the corresponding data from my working kubectl config file and created a local file "a.config".
But, when I try the command "sudo kubeadm join --discovery-file a.conf" it fails with the following error messages:
[discovery: Invalid value: "": token [""] was not of form ["^([a-z0-9]{6})\\.([a-z0-9]{16})$"], discovery: Invalid value: "": token must be of form '[a-z0-9]{6}.[a-z0-9]{16}']
What am I missing here?
What is a procedure known to work in my situation? I prefer not to tear down the cluster and re-join it again.
Joining the New Worker to the Cluster
Using SSH, log onto the new worker node. Use the kubeadm join command with our new token to join the node to our cluster. List your cluster's nodes to verify your new worker has successfully joined the cluster. Verify the worker's status to ensure no problems were encountered.
To create a new certificate key you must use 'kubeadm init phase upload-certs --upload-certs'. Path to a kubeadm configuration file. A human friendly description of how this token is used. Instead of printing only the token, print the full 'kubeadm join' flag needed to join the cluster using the token.
The easiest way I know to join new nodes to an existing cluster is:
kubeadm token create --print-join-command
This will give output like this:
kubeadm join 192.168.10.15:6443 --token l946pz.6fv0XXXXX8zry --discovery-token-ca-cert-hash sha256:e1e6XXXXXXXXXXXX9ff2aa46bf003419e8b508686af8597XXXXXXXXXXXXXXXXXXX
Use kubeadm token create to create a new bootstrap token. See kubeadm: Managing Tokens.
# login to master node
# create a new bootstrap token
$ kubeadm token create
abcdef.1234567890abcdef
# get root ca cert fingerprint
$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
e18105ef24bacebb23d694dad491e8ef1c2ea9ade944e784b1f03a15a0d5ecea
# login to the new worker node
# join to cluster
$ kubeadm join --token abcdef.1234567890abcdef --discovery-token-ca-cert-hash sha256:e18105ef24bacebb23d694dad491e8ef1c2ea9ade944e784b1f03a15a0d5ecea 1.2.3.4:6443
Note: --discovery-token-ca-cert-hash is preferred in Kubernetes 1.8 and above.
--discovery-file provides an out-of-band way to establish a root of trust between the master and bootstrapping nodes. Consider using this mode if you are building automated provisioning using kubeadm.
The discovery file does not provide a valid token, so we still need kubeadm token create to create a new one.
kubeadm join --token abcdef.1234567890abcdef --discovery-file a.conf
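A pre-flight check for the join arguments discussed in the answers above, as an added example that is not part of the original posts. The function names are hypothetical, the CA is a throwaway certificate constructed for the demo, and `openssl pkey` replaces `openssl rsa` so the same hash works for non-RSA CA keys as well.

```shell
# Bootstrap tokens must match the pattern quoted in the error message above.
valid_token() {
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# SHA-256 over the DER-encoded public key (SubjectPublicKeyInfo) of a CA cert.
ca_cert_hash() {
    # Fail early if the file is not a readable certificate.
    openssl x509 -pubkey -noout -in "$1" >/dev/null 2>&1 || return 1
    openssl x509 -pubkey -noout -in "$1" |
        openssl pkey -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //'
}

# $1 = token, $2 = value for --discovery-token-ca-cert-hash, $3 = CA cert path.
# Succeeds only if the token is well formed and the pinned hash matches the CA.
check_join_args() {
    valid_token "$1" || { echo "bad token format" >&2; return 1; }
    case "$2" in
        sha256:*) ;;
        *) echo "hash must start with sha256:" >&2; return 1 ;;
    esac
    actual=$(ca_cert_hash "$3") || { echo "cannot read CA cert" >&2; return 1; }
    [ "${2#sha256:}" = "$actual" ] || { echo "CA hash mismatch" >&2; return 1; }
}

# Constructed sample input: a throwaway self-signed CA, not a real cluster CA.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir"
demo_hash=$(ca_cert_hash "$demo_dir/ca.crt")

# Well-formed token plus matching pin: accepted.
check_join_args "abcdef.1234567890abcdef" "sha256:$demo_hash" "$demo_dir/ca.crt" &&
    echo "join arguments OK"

# Empty token, as in the question's error: rejected before any network call.
check_join_args "" "sha256:$demo_hash" "$demo_dir/ca.crt" 2>/dev/null ||
    echo "empty token rejected"

rm -rf "$demo_dir"
```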