問題:node
[root@k8s-node-1 ~]# kubeadm join 192.168.122.201:6443 --token fmqvwn.6h11y2ayq23r7zmw --discovery-token-ca-cert-hash sha256:42e125ef64f5aabc67ae0e0f14b58270be35fde8ff4f7b9a47d5d76a74a97c4a W0107 17:53:50.512517 14686 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set. [preflight] Running pre-flight checks [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/ error execution phase preflight: couldn't validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s
解決方案:
由於kubeadm在使用過程當中token的有效期只有24h,須要從新生成,才能解決上述問題web
生成token: [root@k8s-master ~]# kubeadm token create ntqpnh.f5tbwenab50233at 查看有效期: [root@k8s-master ~]# kubeadm token list TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS ntqpnh.f5tbwenab50233at 23h 2020-01-08T19:27:01+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token 生成令牌: [root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' 42e125ef64f5aabc67ae0e0f14b58270be35fde8ff4f7b9a47d5d76a74a97c4a
node節點從新加入bootstrap
[root@k8s-node-1 ~]# kubeadm join 192.168.122.201:6443 --token ntqpnh.f5tbwenab50233at --discovery-token-ca-cert-hash sha256:42e125ef64f5aabc67ae0e0f14b58270be35fde8ff4f7b9a47d5d76a74a97c4a