K8S集群添加新节点

添加新的master节点

获取token及token证书

root@k8s-master1:~# kubeadm token create --print-join-command 
kubeadm join 192.168.255.100:6443 --token peawzl.bwonk5nviow72m9g --discovery-token-ca-cert-hash sha256:43e1fe29b90eab70840d47a98f9f07dd4efb3b002df16ccfc7e252777d4104cb  

获取control-plane证书

root@k8s-master1:~# kubeadm init phase upload-certs --upload-certs
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
e1adc057fd80060fa9c6789743480867ebd84973d6b4c1aff3d24393c7a94c1f

在新的master节点执行命令

kubeadm join 192.168.255.100:6443 --token peawzl.bwonk5nviow72m9g \
--discovery-token-ca-cert-hash sha256:43e1fe29b90eab70840d47a98f9f07dd4efb3b002df16ccfc7e252777d4104cb \
--control-plane --certificate-key e1adc057fd80060fa9c6789743480867ebd84973d6b4c1aff3d24393c7a94c1f

添加新的node节点

方法一：

获取master的join token
kubeadm token create --print-join-command --ttl=0 (--ttl=0代表token永不过期，不加此参数默认24小时过期)
执行完成后，会自动生成以下命令

root@k8s-master1:~# kubeadm token create --print-join-command --ttl=0
kubeadm join 192.168.255.100:6443 --token a38r5e.29xc6zib3vqg2iv0 --discovery-token-ca-cert-hash sha256:43e1fe29b90eab70840d47a98f9f07dd4efb3b002df16ccfc7e252777d4104cb 

在node节点操作：

root@k8s-node1:~# kubeadm join 192.168.255.100:6443 --token a38r5e.29xc6zib3vqg2iv0 --discovery-token-ca-cert-hash sha256:43e1fe29b90eab70840d47a98f9f07dd4efb3b002df16ccfc7e252777d4104cb

方法二：

在master节点操作

root@k8s-master1:~# kubeadm token create
lojsfz.0901j0259yi9yk0a    #生成的token

再执行：

root@k8s-master1:~# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null |  openssl dgst -sha256 -hex | sed 's/^.* //'
43e1fe29b90eab70840d47a98f9f07dd4efb3b002df16ccfc7e252777d4104cb   #生成的token-ca-cert-hash

在node节点操作：

root@k8s-node1:~# kubeadm join 192.168.255.100:6443 --token lojsfz.0901j0259yi9yk0a  --discovery-token-ca-cert-hash sha256:43e1fe29b90eab70840d47a98f9f07dd4efb3b002df16ccfc7e252777d4104cb