kubernetes join 卡住 token过期

张映 发表于 2020-04-29

分类目录: 云计算

标签:, ,

kubeadm join增加worker节点时,卡住

[root@testing yum.repos.d]# kubeadm join 10.0.40.193:6443 --token y4d0ws.w8lxmohfc1o0yq6b --discovery-token-ca-cert-hash sha256:46f6cf1d84d0eadb4f6e7f05b908e5572025886d9f134db27f92b98e1c3dd3ed
W0429 10:21:36.848737 17290 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/

然后就不动了,检查了一下原因是token过期了。下面说一下解决办法

1,在master节点查看token

# kubeadm token list   //没token

2,创建token

[root@bigserver3 pki]# kubeadm token create --ttl 0   //永不失效
W0429 11:25:57.187354 14070 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
5mhd9x.73x9n2gy4d28yqzo

[root@bigserver3 pki]# kubeadm token create  //有效期一天
W0429 11:26:15.884356 14216 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
652tg2.t1am119z6tdoosou

[root@bigserver3 pki]# kubeadm token list   //token列表
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
5mhd9x.73x9n2gy4d28yqzo <forever> <never> authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
652tg2.t1am119z6tdoosou 23h 2020-04-30T11:26:15+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token

注意:TTL,一个显示forever(永久),一个显示23H

3,查看token

[root@bigserver3 kubernetes]# ll /etc/kubernetes/pki/
总用量 56
-rw-r--r-- 1 root root 1224 4月 27 19:13 apiserver.crt
-rw-r--r-- 1 root root 1090 4月 27 19:13 apiserver-etcd-client.crt
-rw------- 1 root root 1679 4月 27 19:13 apiserver-etcd-client.key
-rw------- 1 root root 1675 4月 27 19:13 apiserver.key
-rw-r--r-- 1 root root 1099 4月 27 19:13 apiserver-kubelet-client.crt
-rw------- 1 root root 1675 4月 27 19:13 apiserver-kubelet-client.key
-rw-r--r-- 1 root root 1025 4月 27 19:13 ca.crt //ca证书
-rw------- 1 root root 1679 4月 27 19:13 ca.key
drwxr-xr-x 2 root root 162 4月 27 19:13 etcd
-rw-r--r-- 1 root root 1038 4月 27 19:13 front-proxy-ca.crt
-rw------- 1 root root 1675 4月 27 19:13 front-proxy-ca.key
-rw-r--r-- 1 root root 1058 4月 27 19:13 front-proxy-client.crt
-rw------- 1 root root 1679 4月 27 19:13 front-proxy-client.key
-rw------- 1 root root 1675 4月 27 19:13 sa.key
-rw------- 1 root root 451 4月 27 19:13 sa.pub

# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
46f6cf1d84d0eadb4f6e7f05b908e5572025886d9f134db27f92b98e1c3dd3ed   //token

4,worker节点执行join

[root@testing kubernetes]# kubeadm join 10.0.40.193:6443 --token 652tg2.t1am119z6tdoosou --discovery-token-ca-cert-hash sha256:46f6cf1d84d0eadb4f6e7f05b908e5572025886d9f134db27f92b98e1c3dd3ed
W0429 11:29:53.078968 19474 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
 [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.18" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

5,master节点查看

[root@bigserver3 ~]# kubectl get nodes
NAME         STATUS   ROLES   AGE   VERSION
bigserver2   Ready   <none>   20h   v1.18.2
bigserver3   Ready   master   40h   v1.18.2
testing      Ready   <none>   54s   v1.18.2

6,登录kubernetes-dashboard查看

kubernetes添加节点

kubernetes添加节点



转载请注明
作者:海底苍鹰
地址:http://blog.51yip.com/cloud/2404.html