Join cluster after init token expired?

Create a new bootstrap token and join

Use kubeadm token create to create a new bootstrap token. See kubeadm: Managing Tokens.

# login to master node
# create a new bootstrap token
$ kubeadm token create
abcdef.1234567890abcdef

# get root ca cert fingerprint
$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
e18105ef24bacebb23d694dad491e8ef1c2ea9ade944e784b1f03a15a0d5ecea 

# login to the new worker node
# join the cluster
$ kubeadm join --token abcdef.1234567890abcdef --discovery-token-ca-cert-hash sha256:e18105ef24bacebb23d694dad491e8ef1c2ea9ade944e784b1f03a15a0d5ecea 1.2.3.4:6443

Note: --discovery-token-ca-cert-hash is preferred in Kubernetes 1.8 and above.

(Alternative) Use discovery file to establish trust

--discovery-file provides an out-of-band way to establish a root of trust between the master and bootstrapping nodes.

Consider using this mode if you are building automated provisioning using kubeadm.

The discovery file does not provide a valid token, so we still need kubeadm token create to create a new one.

kubeadm join --token abcdef.1234567890abcdef --discovery-file a.conf

The easiest way I know to join new nodes to an existing cluster is:

kubeadm token create --print-join-command

This will give output like this:

kubeadm join 192.168.10.15:6443 --token l946pz.6fv0XXXXX8zry --discovery-token-ca-cert-hash sha256:e1e6XXXXXXXXXXXX9ff2aa46bf003419e8b508686af8597XXXXXXXXXXXXXXXXXXX
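
The following is an added example, not part of either answer above: before running a join command on a new worker, check that its token is well formed and that its --discovery-token-ca-cert-hash matches a copy of the cluster CA certificate obtained over a trusted channel. The function names and return codes are illustrative, and it assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Added example (not from the original answers): refuse a kubeadm join command
# whose CA pin does not match a CA certificate obtained over a trusted channel.

# Print "sha256:<hex>" over the DER SubjectPublicKeyInfo of the certificate in $1.
# `openssl pkey` is used rather than `openssl rsa` so non-RSA CA keys also work.
ca_cert_pin() {
    _der=$(mktemp) || return 1
    if openssl x509 -pubkey -noout -in "$1" 2>/dev/null |
           openssl pkey -pubin -outform DER -out "$_der" 2>/dev/null &&
       [ -s "$_der" ]; then
        printf 'sha256:%s\n' "$(openssl dgst -sha256 -hex <"$_der" | sed 's/^.* //')"
        rm -f "$_der"
    else
        # Unreadable or non-certificate input: fail instead of hashing nothing.
        rm -f "$_der"
        return 1
    fi
}

# Print the value of flag $1 ("--flag value" or "--flag=value") in command string $2.
flag_value() {
    printf '%s\n' "$2" | tr -s ' ' '\n' | awk -v f="$1" '
        $0 == f               { if ((getline v) > 0) print v; exit }
        index($0, f "=") == 1 { print substr($0, length(f) + 2); exit }'
}

# Usage: verify_join_command "<kubeadm join ...>" /path/to/trusted/ca.crt
# Returns 0 on match, 2 for a malformed token, 3 for an unreadable CA cert,
# 4 when the pin is missing or differs.
verify_join_command() {
    _token=$(flag_value --token "$1")
    _pin=$(flag_value --discovery-token-ca-cert-hash "$1")
    # Bootstrap tokens look like abcdef.1234567890abcdef: 6 chars, a dot, 16 chars.
    printf '%s\n' "$_token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
        { echo "malformed bootstrap token" >&2; return 2; }
    _want=$(ca_cert_pin "$2") ||
        { echo "cannot read CA certificate: $2" >&2; return 3; }
    [ "$_pin" = "$_want" ] ||
        { echo "CA pin mismatch: command pins '$_pin', trusted CA is '$_want'" >&2; return 4; }
}
```

Source the file, then run verify_join_command with the join command string and the path to the trusted CA certificate, and only run kubeadm join when it returns 0.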

Tags:

Kubernetes