kubeadm故障排除
问题:[root@k8s-node-1 ~]# kubeadm join 192.168.122.201:6443 --token fmqvwn.6h11y2ayq23r7zmw --discovery-token-ca-cert-hash sha256:42e125ef64f5aabc67ae0e0f14b58270be35fde8ff4f7b9a47d5d76a74a97c4aW0107 17
问题:
[root@k8s-node-1 ~]# kubeadm join 192.168.122.201:6443 --token fmqvwn.6h11y2ayq23r7zmw --discovery-token-ca-cert-hash sha256:42e125ef64f5aabc67ae0e0f14b58270be35fde8ff4f7b9a47d5d76a74a97c4a
W0107 17:53:50.512517 14686 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
error execution phase preflight: couldn't validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s
解决方案:
因为kubeadm在使用过程中token的有效期只有24h,需要重新生成,才能解决上述问题
生成token:
[root@k8s-master ~]# kubeadm token create
ntqpnh.f5tbwenab50233at
查看有效期:
[root@k8s-master ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
ntqpnh.f5tbwenab50233at 23h 2020-01-08T19:27:01+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
生成令牌:
[root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
42e125ef64f5aabc67ae0e0f14b58270be35fde8ff4f7b9a47d5d76a74a97c4a
node节点重新加入
[root@k8s-node-1 ~]# kubeadm join 192.168.122.201:6443 --token ntqpnh.f5tbwenab50233at --disco
更多推荐
所有评论(0)