k8s后续添加节点失效couldn't validate the identity of the API Server

痛定思痛。 2023-06-08 06:38 9阅读 0赞

报错信息

[root@k8s-node2 k8s]# kubeadm join 192.168.1.200:6443 --token ov6qse.lvw984yn30c96p9o --discovery-token-ca-cert-hash sha256:ed7ea5ae0c06f4ace9013e663b223e8da72e4e94e4dc657cfb1db68d777f3984 
    [preflight] Running pre-flight checks
    	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
    	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.3. Latest validated version: 18.09
    error execution phase preflight: couldn't validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s

报错原因： 与API服务器认证失败，八成token失效了，  
查看token

[root@k8s-master ~]# kubeadm token list
    TOKEN                     TTL       EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS

果然没有，生一个，再次查看，token生命周期为一天

[root@k8s-master ~]# kubeadm token create
    wxvdun.vec7m9cu4ru3hngg
    [root@k8s-master ~]# kubeadm token list
    TOKEN                     TTL       EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
    wxvdun.vec7m9cu4ru3hngg   23h       2019-10-18T10:43:34+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
    [root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
    ed7ea5ae0c06f4ace9013e663b223e8da72e4e94e4dc657cfb1db68d777f3984

node节点上重新加入

[root@k8s-node2 ~]# kubeadm join 192.168.1.200:6443 --token wxvdun.vec7m9cu4ru3hngg --discovery-token-ca-cert-hash sha256:ed7ea5ae0c06f4ace9013e663b223e8da72e4e94e4dc657cfb1db68d777f3984 
    !指定两个地方，token名和sha256