Kubernetes 1.8.0,Token 过期问题

背景

搭建好的集群几天后想加一台新机器进来

跑的命令

kubeadm join --token 12d95e.8c3d52a744282683 192.168.96.18:6443 --discovery-token-ca-cert-hash sha256:d28c48fb25d8ff2cf695c2c7207799779d3e5036a5a7a234b55ed19bfa40c955

#报错如下

Failed to connect to API Server "192.168.9.128:6443": there is no JWS signed token in the cluster-info ConfigMap. This token id "4375e" is invalid for this cluster, can't connect

原因

官方文档

The default Bootstrap Token created with kubeadm init v1.8 expires and is deleted after 24 hours by default to limit the exposure of the valuable credential. You can create a new Bootstrap Token with kubeadm token create or make the default token permanently valid by specifying --token-ttl 0 to kubeadm init. The default token can later be deleted with kubeadm token delete.

初始化token在24小时候会被master删除,以防泄露

解决办法

在master机器上重新生成

[root@centos-master ~]# kubeadm token create

[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --ttl 0)

14bdb3.766d0995de1c0c69

客户端重新加入

kubeadm join --token 14bdb3.766d0995de1c0c69 192.168.9.128:6443