Token过期执行kubeadm join将无法加入到Kubernetes集群。执行下面的命令验证Token是否过期:
[root@k8s-master01 k8s]# kubectl get configmap cluster-info --namespace=kube-public -o yaml
apiVersion: v1
data:
kubeconfig: |
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1URXhNREE0TkRZek1Gb1hEVE15TVRFd056QTRORFl6TUZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3
pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTGVyCmxOMzFvYUZkYytmRTByY1djYS9RKys0SE9GYlQ0OWlGVXlSRWtTeTFjcHJVdVhnUlJqR3M4VCtkWnUvOEtaTVIKTFZmeEhvd3ZjRDhXZXhlUHN1YkJBMVR5ZXJ2YWF6eFJRK0FvUDJ3V2JKdVFyckhoRkszd0F1cGxsZFczTk5ldApzRWM4UzYyTlpRWGdJQ0tiZ2N6cDlBVWtnUVVsQjFWcnNxU1RtQ2l0aUsxbEJLekMzK05CZ3Rrakdkd2Q2S2EvCkxkWm5jNDJwUitPZmYxc0lub1pYbXdHV2tzWEgydkRNeFp3R0pxSmdFZ0FzK3Zmb3ZiOWJ0VlJtcGtvQlJ1YkkKUThWYURaemV6eSszVEd3Q0duU1ZXK1ZrbG16dng4SGFiby9nRXoremJFaXZhSGFzUmhLREloc0tuRjRYQndhSwpjSGZENXV0dW11V3JrTzhhd1pVQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZKUEY0QlF1eThyZHhpK1JtNGRRZ3JDb3NGOS9NQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBTENrN1cxTmJKTE1SRXMzeksvQQo1WHV3SWZEY0lxSDRTMTd0RkxJajFad3o2MzhPc1o3WFM3cVd6VndHb2E0WkswZEt4bUhmTmZDbHNBNUhPdWt1CndDTWo3aW4xcFYvREh6aUFLYWx5ZlF0L3d5N25qakpjSVBLcUtYeEpEUXcreTVvUU9rR0JLek93ZHNKK1JIUEwKRVJ5emE1VER1M2c3RExYaHVLNWxHL0s1Nllkc2FVY2tOdkRDVW9lTUVpYzF2Nm02VkwrZWxtQzU1MGRCdUFyWAplK0M1dU0xV0hHKzVidWNzT3RVNDQ0ZHRvSWt4Y0V5Vkd1Z1FCZ3NaaEwwQ2pCU3QwdVVCZWFUV1JvUWNpcUlSCnplaWNSLzViblJGNGFPTytNem5VZ3M0KzJLdFlCVElBaTcycUxGWTNyeFNrK2V3TGV1cFk3QUFRSWtwczhDcWkKYWNZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== server: https://192.168.30.119:6443
name: ""
contexts: null
current-context: ""
kind: Config
preferences: {}
users: null
kind: ConfigMap
metadata:
creationTimestamp: "2022-11-10T08:47:03Z"
name: cluster-info
namespace: kube-public
resourceVersion: "112729"
uid: 7838c6d8-2532-4b38-968a-fec34ceb3eb6
如果Token过期,上面命令回显将没有红色字体行。执行# kubeadm token list查看token也是空的。
[root@k8s-master01 k8s]# kubeadm token list
重新创建新Token
[root@k8s-master01 k8s]# kubeadm token create --print-join-command --ttl 0
# --print-join-command 直接打印kubeadm join命令,执行该命令即可成功加入集群。
# --ttl=0 表示生成的token永不失效,如果不指定,则ttl默认24小时。
kubeadm join 192.168.30.119:6443 --token evs1r1.ro5p1pzhsrbg61mz --discovery-token-ca-cert-hash sha256:579088e6dc0b66f1478a9c2d4d03053cb69577e27e25609463ec8d3cc64aeb98
验证:
[root@k8s-master01 k8s]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
evs1r1.ro5p1pzhsrbg61mz <forever> <never> authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
[root@k8s-master01 k8s]#
[root@k8s-master01 k8s]# kubectl get configmap cluster-info --namespace=kube-public -o yaml
apiVersion: v1
data:
jws-kubeconfig-evs1r1: eyJhbGciOiJIUzI1NiIsImtpZCI6ImV2czFyMSJ9..BzUsdyy5_5hLI75hsrdcD_wNDAlVzRinKw0BBFpoMFU
kubeconfig: |
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1URXhNREE0TkRZek1Gb1hEVE15TVRFd056QTRORFl6TUZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3
pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTGVyCmxOMzFvYUZkYytmRTByY1djYS9RKys0SE9GYlQ0OWlGVXlSRWtTeTFjcHJVdVhnUlJqR3M4VCtkWnUvOEtaTVIKTFZmeEhvd3ZjRDhXZXhlUHN1YkJBMVR5ZXJ2YWF6eFJRK0FvUDJ3V2JKdVFyckhoRkszd0F1cGxsZFczTk5ldApzRWM4UzYyTlpRWGdJQ0tiZ2N6cDlBVWtnUVVsQjFWcnNxU1RtQ2l0aUsxbEJLekMzK05CZ3Rrakdkd2Q2S2EvCkxkWm5jNDJwUitPZmYxc0lub1pYbXdHV2tzWEgydkRNeFp3R0pxSmdFZ0FzK3Zmb3ZiOWJ0VlJtcGtvQlJ1YkkKUThWYURaemV6eSszVEd3Q0duU1ZXK1ZrbG16dng4SGFiby9nRXoremJFaXZhSGFzUmhLREloc0tuRjRYQndhSwpjSGZENXV0dW11V3JrTzhhd1pVQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZKUEY0QlF1eThyZHhpK1JtNGRRZ3JDb3NGOS9NQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBTENrN1cxTmJKTE1SRXMzeksvQQo1WHV3SWZEY0lxSDRTMTd0RkxJajFad3o2MzhPc1o3WFM3cVd6VndHb2E0WkswZEt4bUhmTmZDbHNBNUhPdWt1CndDTWo3aW4xcFYvREh6aUFLYWx5ZlF0L3d5N25qakpjSVBLcUtYeEpEUXcreTVvUU9rR0JLek93ZHNKK1JIUEwKRVJ5emE1VER1M2c3RExYaHVLNWxHL0s1Nllkc2FVY2tOdkRDVW9lTUVpYzF2Nm02VkwrZWxtQzU1MGRCdUFyWAplK0M1dU0xV0hHKzVidWNzT3RVNDQ0ZHRvSWt4Y0V5Vkd1Z1FCZ3NaaEwwQ2pCU3QwdVVCZWFUV1JvUWNpcUlSCnplaWNSLzViblJGNGFPTytNem5VZ3M0KzJLdFlCVElBaTcycUxGWTNyeFNrK2V3TGV1cFk3QUFRSWtwczhDcWkKYWNZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== server: https://192.168.30.119:6443
name: ""
contexts: null
current-context: ""
kind: Config
preferences: {}
users: null
kind: ConfigMap
metadata:
creationTimestamp: "2022-11-10T08:47:03Z"
name: cluster-info
namespace: kube-public
resourceVersion: "424428"
uid: 7838c6d8-2532-4b38-968a-fec34ceb3eb6
标签:过期,token,--,Token,kubeadm,k8s,root From: https://www.cnblogs.com/fenghua001/p/16889007.html