k8skubeadm生成Token以及设置过期时间kubeadm删除token
k8skubeadm生成Token以及设置过期时间kubeadm删除token
·
1.查看Token
[root@m1 admin]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
bwa8py.ghf5s0vfsxz1d7fx <invalid> 2022-08-01T19:06:15+08:00 authentication,signing kubelet-bootstrap-token system:bootstrappers:worker
mbwfv6.lbasbfken6or58re 23h 2022-08-04T21:29:20+08:00 authentication,signing kubelet-bootstrap-token system:bootstrappers:worker
yvsocr.b40go6o23ee85wrs <forever> <never> authentication,signing kubelet-bootstrap-token system:bootstrappers:worker
2.设置用不过期Token
# 不加只有24H小时
[root@m1 admin]# kubeadm token create
# 加上 kubeadm token create --ttl 0
[root@m1 admin]# export BOOTSTRAP_TOKEN=$(kubeadm token create --ttl 0 \
--description kubelet-bootstrap-token \
--groups system:bootstrappers:worker \
--kubeconfig kube.config)
获取CA公钥的哈希值
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^ .* //'
kubeadm join 192.168.40.8:6443 --token token填这里 --discovery-token-ca-cert-hash sha256:哈希值填这里
# 删除多余token
[root@m1 admin]# kubeadm token delete bwa8py.ghf5s0vfsxz1d7fx
bootstrap token with id "bwa8py" deleted
[root@m1 admin]# kubeadm token delete mbwfv6.lbasbfken6or58re
bootstrap token with id "mbwfv6" deleted
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
1
0- 0
已为社区贡献19条内容
所有评论(0)