..
kubeadm 忘记了 token 的情况添加新节点
第一步:更新证书
kubeadm init phase upload-certs --upload-certs
得到证书信息
W0702 16:30:29.817135 10814 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
65d0e16cb416c38254f1cb544beec8e47c11d1655b515a26b4939d843629d736
第二步:创建 token 并且打印 join 命令
[root@master01v runner]# kubeadm token create --print-join-command --certificate-key=<token>
这里会用到上面的证书字符串,生成命令如下
W0702 16:30:47.775943 10980 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 192.168.0.100:443 --token tn0lnq.55w9g7xf45g4jxxn --discovery-token-ca-cert-hash <token> --control-plane --certificate-key <key>
第三步:执行上面打印的命令
kubeadm join 192.168.0.100:443 --token tn0lnq.55w9g7xf45g4jxxn --discovery-token-ca-cert-hash <token> --control-plane --certificate-key <key>
如果是加入 woker , 则不需要后面的 –control-plane –certificate-key
kubeadm join 192.168.0.100:443 --token tn0lnq.55w9g7xf45g4jxxn --discovery-token-ca-cert-hash <token>