1、首先在master 节点上面查看是否有可用的token
[root@master-2-4 limit]# kubeadm token list
2、如没有,重新生成新的token
[root@master-2-4 limit]# kubeadm token create
3、获取CA证书 sha256 编码 hash 值
[root@master-2-4 limit]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
4、执行node节点加入
[root@node2-2-6 ~]# kubeadm join 10.0.2.4:6443 --token fyfpgh.toc6ofepxi9v1bv8 --discovery-token-ca-cert-hash sha256:26aff3c0ad6cea0703ee6a0c450ed442be03bf3d5b3573efa0830079fffa2593
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
[ERROR Port-10250]: Port 10250 is in use
[ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
加入失败
原因分析:由于之前此节点为node 节点,里面有上集群的残余信息,使用 kubeadm reset 进行清理
[root@node2-2-6 ~]# kubeadm reset
[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
5、重新加入集群
[root@node2-2-6 ~]# kubeadm join 10.0.2.4:6443 --token fyfpgh.toc6ofepxi9v1bv8 --discovery-token-ca-cert-hash sha256:26aff3c0ad6cea0703ee6a0c450ed442be03bf3d5b3573efa0830079fffa2593
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.