k8s后续添加节点失效couldn't validate the identity of the API Server

痛定思痛。 2023-06-08 06:38 57阅读 0赞

报错信息

  1. [root@k8s-node2 k8s]# kubeadm join 192.168.1.200:6443 --token ov6qse.lvw984yn30c96p9o --discovery-token-ca-cert-hash sha256:ed7ea5ae0c06f4ace9013e663b223e8da72e4e94e4dc657cfb1db68d777f3984
  2. [preflight] Running pre-flight checks
  3. [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
  4. [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.3. Latest validated version: 18.09
  5. error execution phase preflight: couldn't validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s

报错原因: 与API服务器认证失败,八成token失效了,
查看token

  1. [root@k8s-master ~]# kubeadm token list
  2. TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS

果然没有,生一个,再次查看,token生命周期为一天

  1. [root@k8s-master ~]# kubeadm token create
  2. wxvdun.vec7m9cu4ru3hngg
  3. [root@k8s-master ~]# kubeadm token list
  4. TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
  5. wxvdun.vec7m9cu4ru3hngg 23h 2019-10-18T10:43:34+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
  6. [root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
  7. ed7ea5ae0c06f4ace9013e663b223e8da72e4e94e4dc657cfb1db68d777f3984

node节点上重新加入

  1. [root@k8s-node2 ~]# kubeadm join 192.168.1.200:6443 --token wxvdun.vec7m9cu4ru3hngg --discovery-token-ca-cert-hash sha256:ed7ea5ae0c06f4ace9013e663b223e8da72e4e94e4dc657cfb1db68d777f3984
  2. !指定两个地方,token名和sha256

发表评论

表情:
评论列表 (有 0 条评论,57人围观)

还没有评论,来说两句吧...

相关阅读