kubernetes忘记token或者token过期怎么加入k8s集群

1.先查看token是否还可用 

[root@hadoop01 ~]# kubeadm token list

 

　　1.1) 还在则获取ca证书sha256编码hash值,不在则进行2操作

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
6fd9b1bf2d593d2d4f550cd9f1f596865f117fef462db42860228311c2712b8b

　　1.2) node节点加入

kubeadm join k8smaster.com:6443 --token ky6r26.ucd2s4jmtimxvj90 
    --discovery-token-ca-cert-hash sha256:6fd9b1bf2d593d2d4f550cd9f1f596865f117fef462db42860228311c2712b8b 
　　--ignore-preflight-errors=Swap

2.生成一个新的token

 

[root@hadoop01 ~]# kubeadm token create --print-join-command //默认有效期24小时,若想久一些可以结合--ttl参数,设为0则用不过期
kubeadm join k8smaster.com:6443 --token pdas2m.fkgn8q7mz5u96jm6 --discovery-token-ca-cert-hash sha256:6fd9b1bf2d593d2d4f550cd9f1f596865f117fef462db42860228311c2712b8b

 　　2.1) 查看token

[root@hadoop01 ~]# kubeadm token list
TOKEN                     TTL       EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
pdas2m.fkgn8q7mz5u96jm6   23h       2019-10-25T23:38:46+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token

 　　2.2).node节点加入

kubeadm join k8smaster.com:6443 --token pdas2m.fkgn8q7mz5u96jm6 
    --discovery-token-ca-cert-hash sha256:6fd9b1bf2d593d2d4f550cd9f1f596865f117fef462db42860228311c2712b8b 
　　--ignore-preflight-errors=Swap