k8s:kubeadm搭建k8s集群,加入新master节点报错

加入新的master节点

[root@k8s-master02 ~]#kubeadm join 172.20.1.236:16443 --token 7t2weq.bjbawausm0jaxury \
>     --discovery-token-ca-cert-hash sha256:cf30ddd3df1c6215b886df1ea378a68ad5a9faad7933d53ca9891ebbdf9a1c3f \
>     --control-plane --certificate-key 8025cc203187ad6bf23f074538cb8b9163031ae73262be556dbcb11ccc92248

出现报错,报错如下所示:

[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[preflight] Running pre-flight checks before initializing the new control plane instance
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[download-certs] Downloading the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
error execution phase control-plane-prepare/download-certs: error downloading certs: error decoding certificate key: encoding/hex: odd length hex string
To see the stack trace of this error execute with --v=5 or higher

解决办法:

重新生成新的token

[root@k8s-master01 ~]# kubeadm token create --print-join-command
kubeadm join 172.20.1.236:16443 --token 1azu55.pe79z2ir146pjf2i     --discovery-token-ca-cert-hash sha256:cf30ddd3df1c6215b886df1ea378a68ad5a9faad7933d53ca9891ebbdf9a1c3f
[root@k8s-master01 ~]# kubeadm init phase upload-certs  --upload-certs
I0719 15:26:30.213882   17524 version.go:254] remote version is much newer: v1.24.3; falling back to: stable-1.20
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
16e74623e8ab152265c6814617062e66e3a2ca9f033a992b9338207d745d1c66

为什么会出现该问题,我们来看下

[root@k8s-master01 calico]# kubectl get secret -n kube-system
NAME                                             TYPE                                  DATA   AGE
attachdetach-controller-token-w9zp2              kubernetes.io/service-account-token   3      19h
bootstrap-signer-token-hxq9w                     kubernetes.io/service-account-token   3      19h
bootstrap-token-1azu55                           bootstrap.kubernetes.io/token         6      60m
bootstrap-token-7t2weq                           bootstrap.kubernetes.io/token         6      19h
bootstrap-token-i3gkzz                           bootstrap.kubernetes.io/token         4      59m
calico-etcd-secrets                              Opaque                                3      22m
calico-kube-controllers-token-hb6c7              kubernetes.io/service-account-token   3      22m
calico-node-token-x58nk                          kubernetes.io/service-account-token   3      22m
certificate-controller-token-ts6r7               kubernetes.io/service-account-token   3      19h
clusterrole-aggregation-controller-token-dqlfc   kubernetes.io/service-account-token   3      19h
coredns-token-dh4lk                              kubernetes.io/service-account-token   3      19h
cronjob-controller-token-xls8g                   kubernetes.io/service-account-token   3      19h
daemon-set-controller-token-m7v6f                kubernetes.io/service-account-token   3      19h
default-token-qmm4s                              kubernetes.io/service-account-token   3      19h
deployment-controller-token-x2vg7                kubernetes.io/service-account-token   3      19h
disruption-controller-token-4h52k                kubernetes.io/service-account-token   3      19h
endpoint-controller-token-cpnts                  kubernetes.io/service-account-token   3      19h
endpointslice-controller-token-mqcdp             kubernetes.io/service-account-token   3      19h
endpointslicemirroring-controller-token-jqf25    kubernetes.io/service-account-token   3      19h
expand-controller-token-jpbln                    kubernetes.io/service-account-token   3      19h
generic-garbage-collector-token-7zcl2            kubernetes.io/service-account-token   3      19h
horizontal-pod-autoscaler-token-ddbkf            kubernetes.io/service-account-token   3      19h
job-controller-token-6tdlk                       kubernetes.io/service-account-token   3      19h
kube-proxy-token-8g9hz                           kubernetes.io/service-account-token   3      19h
kubeadm-certs                                    Opaque                                8      59m
namespace-controller-token-s5t9w                 kubernetes.io/service-account-token   3      19h
node-controller-token-5zxfl                      kubernetes.io/service-account-token   3      19h
persistent-volume-binder-token-mlb75             kubernetes.io/service-account-token   3      19h
pod-garbage-collector-token-qxjq8                kubernetes.io/service-account-token   3      19h
pv-protection-controller-token-zmdbd             kubernetes.io/service-account-token   3      19h
pvc-protection-controller-token-fzpdw            kubernetes.io/service-account-token   3      19h
replicaset-controller-token-mjjn4                kubernetes.io/service-account-token   3      19h
replication-controller-token-sbbpp               kubernetes.io/service-account-token   3      19h
resourcequota-controller-token-52sw9             kubernetes.io/service-account-token   3      19h
root-ca-cert-publisher-token-z5wbb               kubernetes.io/service-account-token   3      19h
service-account-controller-token-m2mxf           kubernetes.io/service-account-token   3      19h
service-controller-token-fkpv6                   kubernetes.io/service-account-token   3      19h
statefulset-controller-token-fr57m               kubernetes.io/service-account-token   3      19h
token-cleaner-token-rrnf7                        kubernetes.io/service-account-token   3      19h
ttl-controller-token-t44pd                       kubernetes.io/service-account-token   3      19h
[root@k8s-master01 calico]# kubectl get secret -n kube-system bootstrap-token-1azu55 -oyaml
apiVersion: v1
data:
  auth-extra-groups: c3lzdGVtOmJvb3RzdHJhcHBlcnM6a3ViZWFkbTpkZWZhdWx0LW5vZGUtdG9rZW4=
  expiration: MjAyMi0wNy0yMFQxNToyNTowOCswODowMA==
  token-id: MWF6dTU1
  token-secret: cGU3OXoyaXIxNDZwamYyaQ==
  usage-bootstrap-authentication: dHJ1ZQ==
  usage-bootstrap-signing: dHJ1ZQ==
kind: Secret
metadata:
  creationTimestamp: "2022-07-19T07:25:08Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:auth-extra-groups: {}
        f:expiration: {}
        f:token-id: {}
        f:token-secret: {}
        f:usage-bootstrap-authentication: {}
        f:usage-bootstrap-signing: {}
      f:type: {}
    manager: kubeadm
    operation: Update
    time: "2022-07-19T07:25:08Z"
  name: bootstrap-token-1azu55
  namespace: kube-system
  resourceVersion: "13916"
  uid: 38b20292-9724-4c96-a745-130b7704bcb2
type: bootstrap.kubernetes.io/token
[root@k8s-master01 calico]# echo "MjAyMi0wNy0yMFQxNToyNTowOCswODowMA==" |base64 -d
2022-07-20T15:25:08+08:00[root@k8s-master01 ]# 

我们能看到,token过期时间为2小时,由于token过期,所以导致节点加入失败

你可能感兴趣的:(k8s,kubernetes,docker,容器)