1. kubeadm join 报错
错误信息:
error execution phase preflight: couldn't validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s
错误原因:token 过期导致
解决办法: 主节点创建新 token
1 [root@k8s-master ~]# kubeadm token create //重新生成 token
2 xapc7r.w9y47e7vpvdbanzy
3 [root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
4 e717a1a7f6184f186c2999457e2d4eff1b5f66c5c3a4a2a770d5fab9be4f9769
5 [root@localhost ~]# kubeadm join 192.168.243.134:6443 --token xapc7r.w9y47e7vpvdbanzy \ //重新 nodeJoin
6 > --discovery-token-ca-cert-hash sha256:e717a1a7f6184f186c2999457e2d4eff1b5f66c5c3a4a2a770d5fab9be4f9769
7 [preflight] Running pre-flight checks
8 [preflight] Reading configuration from the cluster...
9 [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
10 [kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace
11 [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
12 [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
13 [kubelet-start] Activating the kubelet service
14 [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
15
16 This node has joined the cluster:
17 * Certificate signing request was sent to apiserver and a response was received.
18 * The Kubelet was informed of the new secure connection details.
19
20 Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
21
22 [root@localhost ~]#
