kubeadm 生成的token过期后,集群增加节点
2018-03-25 15:24
281 查看
通过kubeadm初始化后,都会提供node加入的token。
默认token的有效期为24小时,当过期之后,该token就不可用了。解决方法如下:
重新生成新的token
获取ca证书
节点加入集群
[root@walker-1 kubernetes]# kubeadm init --config ./kubeadm-init.yaml --skip-preflight-checks [kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters. [init] Using Kubernetes version: v1.8.1 [init] Using Authorization modes: [Node RBAC] [preflight] Skipping pre-flight checks [kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0) [certificates] Generated ca certificate and key. [certificates] Generated apiserver certificate and key. [certificates] apiserver serving cert is signed for DNS names [walker-1.novalocal kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local walker-1.novalocal walker-2.novalocal] and IPs [10.96.0.1 172.16.6.47 172.16.6.47 172.16.6.249 172.16.6.79] [certificates] Generated apiserver-kubelet-client certificate and key. [certificates] Generated sa key and public key. [certificates] Generated front-proxy-ca certificate and key. [certificates] Generated front-proxy-client certificate and key. [certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki" ... You can now join any number of machines by running the following on each node as root: kubeadm join --token 19f284.da47998c9abb01d3 172.16.6.47:6443 --discovery-token-ca-cert-hash sha256:0fd95a9bc67a7bf0ef42da968a0d55d92e52898ec37c971bd77ee501d845b538
默认token的有效期为24小时,当过期之后,该token就不可用了。解决方法如下:
重新生成新的token
[root@walker-1 kubernetes]# kubeadm token create [kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --ttl 0) aa78f6.8b4cafc8ed26c34f [root@walker-1 kubernetes]# kubeadm token list TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS aa78f6.8b4cafc8ed26c34f 23h 2017-12-26T16:36:29+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
获取ca证书
sha256编码hash值
[root@walker-1 kubernetes]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' 0fd95a9bc67a7bf0ef42da968a0d55d92e52898ec37c971bd77ee501d845b538
节点加入集群
[root@walker-4 kubernetes]# kubeadm join --token aa78f6.8b4cafc8ed26c34f --discovery-token-ca-cert-hash sha256:0fd95a9bc67a7bf0ef42da968a0d55d92e52898ec37c971bd77ee501d845b538 172.16.6.79:6443 --skip-preflight-checks
相关文章推荐
- 总结redis第四部分(集群搭建以及增加和删除节点)
- Cassandra 为集群中的节点手动分配token
- 学习总结四:hadoop集群动态增加新节点及下架一个节点
- hadoop集群中增加节点
- redis 集群-新增加节点并数据迁移
- redis集群——增加节点
- [经验交流] kubeadm 安装 kubernetes 一年过期的解决办法
- redis集群动态增加或者删除节点 和Docker启动报错
- 使用kubeadm部署k8s集群07-扩容kube-scheduler到3节点
- Hadoop集群中增加新节点
- kubeadm 搭建 kubernetes 集群
- redis3.0.6集群动态 增加节点
- Oracle12.2 RAC集群管理之增加删除节点_Oracle12cR2视频教程(项目实战之六)
- redis集群动态增加或者删除节点
- redis集群——增加节点
- 向CDH集群增加虚拟机节点平衡数据操作
- Hadoop集群中增加新节点