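k8s high-availability cluster (5): fixing an expired token
On a newly created cluster the token expires after 24 hours. To check the expiration time:
#1 Look up the token you configured: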
[root@k8s-master01 ~]#cat new.yaml
token: 7t2weq.bjbawausm0jaxury
#2 Filter out the token secret
[root@k8s-master01 ~]#kubectl get secret -n kube-system|grep 7t2weq
bootstrap-token-7t2weq bootstrap.kubernetes.io/token 6 91m
#3 View the details and find the expiration field
[root@k8s-master01 ~]#kubectl get secret -n kube-system bootstrap-token-7t2weq -o
error: flag needs an argument: 'o' in -o
See 'kubectl get --help' for usage.
您在 /var/spool/mail/root 中有新邮件
[root@k8s-master01 ~]#kubectl get secret -n kube-system bootstrap-token-7t2weq -oyaml
apiVersion: v1
data:
  auth-extra-groups: c3lzdGVtOmJvb3RzdHJhcHBlcnM6a3ViZWFkbTpkZWZhdWx0LW5vZGUtdG9rZW4=
  expiration: MjAyMi0wMi0yOFQwMjo0Nzo1MVo=
  token-id: N3Qyd2Vx
  token-secret: YmpiYXdhdXNtMGpheHVyeQ==
  usage-bootstrap-authentication: dHJ1ZQ==
  usage-bootstrap-signing: dHJ1ZQ==
kind: Secret
metadata:
  creationTimestamp: "2022-02-27T02:47:51Z"
  name: bootstrap-token-7t2weq
  namespace: kube-system
  resourceVersion: "363"
  uid: d4d9ed92-51ea-4352-bd25-1e6e5a768fca
type: bootstrap.kubernetes.io/token
[root@k8s-master01 ~]#echo "MjAyMi0wMi0yOFQwMjo0Nzo1MVo="
MjAyMi0wMi0yOFQwMjo0Nzo1MVo=
#Decode the expiration time (the value is base64-encoded)
[root@k8s-master01 ~]#echo "MjAyMi0wMi0yOFQwMjo0Nzo1MVo=" | base64 -d
2022-02-28T02:47:51Z
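The same expiry check done in one step, as an added example (not from the original post): it reads the JSON printed by `kubectl get secret -n kube-system bootstrap-token-<id> -o json`, decodes the `data` fields and reports whether the token is still valid. The function name and the second sample Secret are assumptions for illustration; a Secret with no `expiration` field is a token that never expires, which is worth catching when auditing a cluster.

```python
import base64
import json
from datetime import datetime, timezone

# Sample input: token-id and expiration are the values shown in the output
# above (token-secret deliberately left out); the second Secret is constructed.
SECRET_FROM_PAGE = json.dumps({
    "metadata": {"name": "bootstrap-token-7t2weq", "namespace": "kube-system"},
    "type": "bootstrap.kubernetes.io/token",
    "data": {
        "token-id": "N3Qyd2Vx",
        "expiration": "MjAyMi0wMi0yOFQwMjo0Nzo1MVo=",
        "usage-bootstrap-authentication": "dHJ1ZQ==",
    },
})
SECRET_NO_EXPIRY = json.dumps({
    "type": "bootstrap.kubernetes.io/token",
    "data": {"token-id": base64.b64encode(b"abcdef").decode()},
})


def token_status(secret_json, now=None):
    """Return (token_id, expires_at, state) for a bootstrap-token Secret."""
    secret = json.loads(secret_json)
    if secret.get("type") != "bootstrap.kubernetes.io/token":
        raise ValueError("not a bootstrap token Secret")
    # Every value under .data is base64-encoded, as in the YAML above.
    data = {k: base64.b64decode(v).decode()
            for k, v in secret.get("data", {}).items()}
    token_id = data.get("token-id", "")
    raw = data.get("expiration")
    if raw is None:
        # No expiration field: the token stays valid until it is deleted.
        return token_id, None, "never-expires"
    # RFC 3339 timestamp; "Z" is rewritten so fromisoformat accepts it.
    expires_at = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    now = now or datetime.now(timezone.utc)
    return token_id, expires_at, "expired" if now >= expires_at else "valid"


if __name__ == "__main__":
    for doc in (SECRET_FROM_PAGE, SECRET_NO_EXPIRY):
        print(token_status(doc))
```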
If the token has not expired, just run the commands below.
#Command to add a master node
kubeadm join 10.0.0.236:16443 --token 7t2weq.bjbawausm0jaxury \
    --discovery-token-ca-cert-hash sha256:b20ac598b92b2f80d27b267af12ee18c0c3d10801edfbf98f1788b5cde9da0d9 \
    --control-plane --certificate-key 017a5fac657642a30389649bcbf3ccbbdc27ecb43a4c100435cc5230dc173f11
#Command to add a worker node
kubeadm join 10.0.0.236:16443 --token 7t2weq.bjbawausm0jaxury \
    --discovery-token-ca-cert-hash sha256:b20ac598b92b2f80d27b267af12ee18c0c3d10801edfbf98f1788b5cde9da0d9
If the token has expired, use the following commands to generate a new token and certificate key.
#Generate the command for a new worker node to join the cluster
[root@k8s-master01 ~]#kubeadm token create --print-join-command
kubeadm join 10.0.0.236:16443 --token 1cgq72.kqjrm92ujlgou235 --discovery-token-ca-cert-hash sha256:b20ac598b92b2f80d27b267af12ee18c0c3d10801edfbf98f1788b5cde9da0d9
#Generate the command for a new master node to join the cluster
[root@k8s-master01 ~]#kubeadm init phase upload-certs --upload-certs
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
d995bb417970db8cf341cf0c45086ac89e1310d6abb757f4a15c379cbcb938aa
#Get the key
#Add the Master3 node
kubeadm join 10.0.0.236:16443 --token 1cgq72.kqjrm92ujlgou235 --discovery-token-ca-cert-hash sha256:b20ac598b92b2f80d27b267af12ee18c0c3d10801edfbf98f1788b5cde9da0d9 \
    --control-plane --certificate-key d995bb417970db8cf341cf0c45086ac89e1310d6abb757f4a15c379cbcb938aa
If the node cannot be added, try the following steps:
#1 Stop the services first
systemctl stop containerd kubelet
#2 Delete the data
rm -rf /etc/kubernetes/
rm -rf /var/lib/containerd/ /var/lib/kubelet/
#3 If you ran the deletion above, you then need to recreate the directory
mkdir -p /etc/containerd
#4 Copy the configuration file from master01 to the node you are working on, for example if you are working on the k8s-node02 node
scp /etc/containerd/config.toml k8s-node02:/etc/containerd/
#5 Restart containerd and kubelet
systemctl daemon-reload
systemctl restart containerd
systemctl restart kubelet
#6 Check the logs
tail -f /var/log/messages
#7 Run the command to join the cluster, for example
kubeadm join 10.0.0.236:16443 --token 1cgq72.kqjrm92ujlgou235 --discovery-token-ca-cert-hash sha256:b20ac598b92b2f80d27b267af12ee18c0c3d10801edfbf98f1788b5cde9da0d9 \
--control-plane --certificate-key d995bb417970db8cf341cf0c45086ac89e1310d6abb757f4a15c379cbcb938aa
If an error says that a directory is in use, you can unmount that directory with umount, for example umount /var/lib/kubelet/pods/hfufdfyfyff