Overview

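In newer versions of k8s, the token generated at initialization is valid for only 24 hours. After that a new token has to be generated; to avoid this, generate a token that never expires.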

Procedure

Generate a token that never expires

kubeadm token create --ttl 0

View the tokens

[root@master1 ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
abcdef.0123456789abcdef 19h 2021-11-17T10:20:09Z authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
o4avtg.65ji6b778nyacw68 <forever> <never> authentication,signing <none> system:bootstrappers:kubeadm:default-node-token

Get the SHA-256 hash of the CA certificate

[root@master1 ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
6bca936b75c82c2de910425b3a8f33716ab432590ed7b49a7698f7a9beef6ce2

Join a worker node

[root@node1 ~]# kubeadm join 10.8.0.1:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:6bca936b75c82c2de910425b3a8f33716ab432590ed7b49a7698f7a9beef6ce2
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

10.8.0.1: address of the master

token: the token obtained from kubeadm token list

discovery-token-ca-cert-hash: the SHA-256 hash of the CA certificate obtained in the step above
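
A token created with --ttl 0 stays valid as a join credential until it is deleted, so it is worth being able to list which tokens on a cluster are permanent. The following is an added example, not part of the original page: the function name find_permanent_tokens and the sample listing are assumptions, and the sample token values are constructed.

```shell
#!/bin/sh
# Added example: report bootstrap tokens that never expire.
# Reads `kubeadm token list` output on stdin and prints only the
# 6-character token ID (the part before the dot), so the secret half
# of the token never ends up in audit logs or tickets.
find_permanent_tokens() {
    awk '
        $2 == "<forever>" {
            dot = index($1, ".")
            id = substr($1, 1, dot - 1)
            secret = substr($1, dot + 1)
            # Bootstrap tokens are a 6-char ID, a dot, and a 16-char secret.
            if (length(id) == 6 && length(secret) == 16) print id
        }
    '
}

# Constructed sample in the layout of `kubeadm token list` (values are made up).
sample_token_list() {
    cat <<'EOF'
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
aaaaaa.0000000000000000   19h         2021-11-17T10:20:09Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
bbbbbb.1111111111111111   <forever>   <never>                authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
EOF
}

# On a control-plane node:  kubeadm token list | find_permanent_tokens
# A reported ID can be revoked with:  kubeadm token delete <token-id>
sample_token_list | find_permanent_tokens
```
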