现象:后加入master节点报错
error execution phase control-plane-prepare/download-certs: error downloading certs: the Secret does not include the required certificate or key - name: external-etcd.crt, path: /opt/etcd/ssl/server.pem
原因:
在第一台master节点上执行,因为第一台master的kubeadm上有集群的配置,后加的master集群是没有的,在其他的master节点上执行这个之后没有生成出来external-etcd-ca.crt配置,导致加入集群出错,把配置加上初始化
1、同步master证书到加入新节点
scp -rp /etc/kubernetes/pki/ root@master-tg-2:/etc/kubernetes/
scp -rp /etc/kubernetes/admin.conf root@master-tg-2:/etc/kubernetes/
scp -rp /opt/etcd/ssl root@master-tg-2:/opt/etcd/
2、获得 certificate key
kubeadm --config kubeadm-config.yaml init phase upload-certs --upload-certs
3、获取 join 命令
kubeadm token create --print-join-command
4、在被加入的master节点上执行
kubeadm join 10.103.1.2:6443 --token 4olgfk.i5yeq3mew19bzo2w --discovery-token-ca-cert-hash sha256:1f47636b70d57bc1e27f3069616adbf1dee955adef46368b4b3da726d8310cb8 --control-plane --certificate-key 1b61f331499c7b57a4fed32cd5a4a4c6054c6766696e827422ff66ef674fe76c
