加入新的master节点
[root@k8s-master02 ~]#kubeadm join 172.20.1.236:16443 --token 7t2weq.bjbawausm0jaxury \
> --discovery-token-ca-cert-hash sha256:cf30ddd3df1c6215b886df1ea378a68ad5a9faad7933d53ca9891ebbdf9a1c3f \
> --control-plane --certificate-key 8025cc203187ad6bf23f074538cb8b9163031ae73262be556dbcb11ccc92248
出现报错,报错如下所示:
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[preflight] Running pre-flight checks before initializing the new control plane instance
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[download-certs] Downloading the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
error execution phase control-plane-prepare/download-certs: error downloading certs: error decoding certificate key: encoding/hex: odd length hex string
To see the stack trace of this error execute with --v=5 or higher
解决办法:
重新生成新的token
[root@k8s-master01 ~]# kubeadm token create --print-join-command
kubeadm join 172.20.1.236:16443 --token 1azu55.pe79z2ir146pjf2i --discovery-token-ca-cert-hash sha256:cf30ddd3df1c6215b886df1ea378a68ad5a9faad7933d53ca9891ebbdf9a1c3f
[root@k8s-master01 ~]# kubeadm init phase upload-certs --upload-certs
I0719 15:26:30.213882 17524 version.go:254] remote version is much newer: v1.24.3; falling back to: stable-1.20
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
16e74623e8ab152265c6814617062e66e3a2ca9f033a992b9338207d745d1c66
为什么会出现该问题,我们来看下
[root@k8s-master01 calico]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
attachdetach-controller-token-w9zp2 kubernetes.io/service-account-token 3 19h
bootstrap-signer-token-hxq9w kubernetes.io/service-account-token 3 19h
bootstrap-token-1azu55 bootstrap.kubernetes.io/token 6 60m
bootstrap-token-7t2weq bootstrap.kubernetes.io/token 6 19h
bootstrap-token-i3gkzz bootstrap.kubernetes.io/token 4 59m
calico-etcd-secrets Opaque 3 22m
calico-kube-controllers-token-hb6c7 kubernetes.io/service-account-token 3 22m
calico-node-token-x58nk kubernetes.io/service-account-token 3 22m
certificate-controller-token-ts6r7 kubernetes.io/service-account-token 3 19h
clusterrole-aggregation-controller-token-dqlfc kubernetes.io/service-account-token 3 19h
coredns-token-dh4lk kubernetes.io/service-account-token 3 19h
cronjob-controller-token-xls8g kubernetes.io/service-account-token 3 19h
daemon-set-controller-token-m7v6f kubernetes.io/service-account-token 3 19h
default-token-qmm4s kubernetes.io/service-account-token 3 19h
deployment-controller-token-x2vg7 kubernetes.io/service-account-token 3 19h
disruption-controller-token-4h52k kubernetes.io/service-account-token 3 19h
endpoint-controller-token-cpnts kubernetes.io/service-account-token 3 19h
endpointslice-controller-token-mqcdp kubernetes.io/service-account-token 3 19h
endpointslicemirroring-controller-token-jqf25 kubernetes.io/service-account-token 3 19h
expand-controller-token-jpbln kubernetes.io/service-account-token 3 19h
generic-garbage-collector-token-7zcl2 kubernetes.io/service-account-token 3 19h
horizontal-pod-autoscaler-token-ddbkf kubernetes.io/service-account-token 3 19h
job-controller-token-6tdlk kubernetes.io/service-account-token 3 19h
kube-proxy-token-8g9hz kubernetes.io/service-account-token 3 19h
kubeadm-certs Opaque 8 59m
namespace-controller-token-s5t9w kubernetes.io/service-account-token 3 19h
node-controller-token-5zxfl kubernetes.io/service-account-token 3 19h
persistent-volume-binder-token-mlb75 kubernetes.io/service-account-token 3 19h
pod-garbage-collector-token-qxjq8 kubernetes.io/service-account-token 3 19h
pv-protection-controller-token-zmdbd kubernetes.io/service-account-token 3 19h
pvc-protection-controller-token-fzpdw kubernetes.io/service-account-token 3 19h
replicaset-controller-token-mjjn4 kubernetes.io/service-account-token 3 19h
replication-controller-token-sbbpp kubernetes.io/service-account-token 3 19h
resourcequota-controller-token-52sw9 kubernetes.io/service-account-token 3 19h
root-ca-cert-publisher-token-z5wbb kubernetes.io/service-account-token 3 19h
service-account-controller-token-m2mxf kubernetes.io/service-account-token 3 19h
service-controller-token-fkpv6 kubernetes.io/service-account-token 3 19h
statefulset-controller-token-fr57m kubernetes.io/service-account-token 3 19h
token-cleaner-token-rrnf7 kubernetes.io/service-account-token 3 19h
ttl-controller-token-t44pd kubernetes.io/service-account-token 3 19h
[root@k8s-master01 calico]# kubectl get secret -n kube-system bootstrap-token-1azu55 -oyaml
apiVersion: v1
data:
auth-extra-groups: c3lzdGVtOmJvb3RzdHJhcHBlcnM6a3ViZWFkbTpkZWZhdWx0LW5vZGUtdG9rZW4=
expiration: MjAyMi0wNy0yMFQxNToyNTowOCswODowMA==
token-id: MWF6dTU1
token-secret: cGU3OXoyaXIxNDZwamYyaQ==
usage-bootstrap-authentication: dHJ1ZQ==
usage-bootstrap-signing: dHJ1ZQ==
kind: Secret
metadata:
creationTimestamp: "2022-07-19T07:25:08Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:auth-extra-groups: {}
f:expiration: {}
f:token-id: {}
f:token-secret: {}
f:usage-bootstrap-authentication: {}
f:usage-bootstrap-signing: {}
f:type: {}
manager: kubeadm
operation: Update
time: "2022-07-19T07:25:08Z"
name: bootstrap-token-1azu55
namespace: kube-system
resourceVersion: "13916"
uid: 38b20292-9724-4c96-a745-130b7704bcb2
type: bootstrap.kubernetes.io/token
[root@k8s-master01 calico]# echo "MjAyMi0wNy0yMFQxNToyNTowOCswODowMA==" |base64 -d
2022-07-20T15:25:08+08:00[root@k8s-master01 ]#
我们能看到,token过期时间为2小时,由于token过期,所以导致节点加入失败