添加新的master节点
获取token及token证书
root@k8s-master1:~# kubeadm token create --print-join-command
kubeadm join 192.168.255.100:6443 --token peawzl.bwonk5nviow72m9g --discovery-token-ca-cert-hash sha256:43e1fe29b90eab70840d47a98f9f07dd4efb3b002df16ccfc7e252777d4104cb
获取control-plane证书
root@k8s-master1:~# kubeadm init phase upload-certs --upload-certs
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
e1adc057fd80060fa9c6789743480867ebd84973d6b4c1aff3d24393c7a94c1f
在新的master节点执行命令
kubeadm join 192.168.255.100:6443 --token peawzl.bwonk5nviow72m9g
--discovery-token-ca-cert-hash sha256:43e1fe29b90eab70840d47a98f9f07dd4efb3b002df16ccfc7e252777d4104cb
--control-plane --certificate-key e1adc057fd80060fa9c6789743480867ebd84973d6b4c1aff3d24393c7a94c1f
添加新的node节点
方法一:
获取master的join token
kubeadm token create --print-join-command --ttl=0 (--ttl=0代表token永不过期,不加此参数默认24小时过期)
执行完成后,会自动生成以下命令
root@k8s-master1:~# kubeadm token create --print-join-command --ttl=0
kubeadm join 192.168.255.100:6443 --token a38r5e.29xc6zib3vqg2iv0 --discovery-token-ca-cert-hash sha256:43e1fe29b90eab70840d47a98f9f07dd4efb3b002df16ccfc7e252777d4104cb
在node节点操作:
root@k8s-node1:~# kubeadm join 192.168.255.100:6443 --token a38r5e.29xc6zib3vqg2iv0 --discovery-token-ca-cert-hash sha256:43e1fe29b90eab70840d47a98f9f07dd4efb3b002df16ccfc7e252777d4104cb
方法二:
在master节点操作
root@k8s-master1:~# kubeadm token create
lojsfz.0901j0259yi9yk0a #生成的token
再执行:
root@k8s-master1:~# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
43e1fe29b90eab70840d47a98f9f07dd4efb3b002df16ccfc7e252777d4104cb #生成的token-ca-cert-hash
在node节点操作:
root@k8s-node1:~# kubeadm join 192.168.255.100:6443 --token lojsfz.0901j0259yi9yk0a --discovery-token-ca-cert-hash sha256:43e1fe29b90eab70840d47a98f9f07dd4efb3b002df16ccfc7e252777d4104cb