zoukankan      html  css  js  c++  java
  • kubeadm 生成的token过期后,集群增加节点

    通过kubeadm初始化后,都会提供node加入的token。

    [root@walker-1 kubernetes]# kubeadm init --config ./kubeadm-init.yaml --skip-preflight-checks
    [kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
    [init] Using Kubernetes version: v1.8.1
    [init] Using Authorization modes: [Node RBAC]
    [preflight] Skipping pre-flight checks
    [kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)
    [certificates] Generated ca certificate and key.
    [certificates] Generated apiserver certificate and key.
    [certificates] apiserver serving cert is signed for DNS names [walker-1.novalocal kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local walker-1.novalocal walker-2.novalocal] and IPs [10.96.0.1 172.16.6.47 172.16.6.47 172.16.6.249 172.16.6.79]
    [certificates] Generated apiserver-kubelet-client certificate and key.
    [certificates] Generated sa key and public key.
    [certificates] Generated front-proxy-ca certificate and key.
    [certificates] Generated front-proxy-client certificate and key.
    [certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
    ...
    
    You can now join any number of machines by running the following on each node
    as root:
    
       kubeadm join --token 19f284.da47998c9abb01d3 172.16.6.47:6443 --discovery-token-ca-cert-hash sha256:0fd95a9bc67a7bf0ef42da968a0d55d92e52898ec37c971bd77ee501d845b538
    

    默认token的有效期为24小时,当过期之后,该token就不可用了。解决方法如下:

    重新生成新的token

    [root@walker-1 kubernetes]# kubeadm token create
    [kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --ttl 0)
    aa78f6.8b4cafc8ed26c34f
    [root@walker-1 kubernetes]# kubeadm token list
    TOKEN                     TTL       EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
    aa78f6.8b4cafc8ed26c34f   23h       2017-12-26T16:36:29+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
    

    获取ca证书sha256编码hash值

    [root@walker-1 kubernetes]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
    0fd95a9bc67a7bf0ef42da968a0d55d92e52898ec37c971bd77ee501d845b538
    

    节点加入集群

    [root@walker-4 kubernetes]# kubeadm join --token aa78f6.8b4cafc8ed26c34f --discovery-t




    链接:https://www.jianshu.com/p/a5e379638577

  • 相关阅读:
    memcached+magent的集群部署详细过程
    HBase的安装配置
    vim操作知识累积
    Missing artifact jdk.tools:jdk.tools:jar:1.6
    hadoop2.X解压后的配置步骤
    免密码的SSH配置过程
    Linux网卡重启出现"No Suitable Device found:no device found for XXX"
    钉钉、钉应用(微应用和E应用)开发介绍
    Intellij-Idea使用小细节
    SpringMVC项目使用elastic search搜索
  • 原文地址:https://www.cnblogs.com/gzxbkk/p/10300140.html
Copyright © 2011-2022 走看看