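1. Registering a master to the cluster: highly available masters, simulating token expiry
### --- Registering a master to the cluster: highly available masters, simulating token expiry
~~~ Generate a new token
2. Registering a master to the cluster: generating a new token after the old one expires
### --- Generate a new token after the old one expires: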
[root@k8s-master01 ~]# kubeadm token create --print-join-command
kubeadm join 192.168.1.20:16443 --token oesiit.mt5fzqi8i9ascx9f --discovery-token-ca-cert-hash sha256:c09f2051501a53aaa1e158959d69d4be655d4f475c28c81b5895baddfbd59bf9
### --- Generate a new --certificate-key on the master
[root@k8s-master01 ~]# kubeadm init phase upload-certs --upload-certs
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
def6ac62a7502a8d1bbb37843f41ed6bfffae5e7f5c14737d54ff91afa0d592b
### --- View the newly generated token
~~~ # View the token Secret
[root@k8s-master01 ~]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
bootstrap-token-zctktz bootstrap.kubernetes.io/token 4 118s
[root@k8s-master01 ~]# kubectl get secret -n kube-system bootstrap-token-zctktz -oyaml
apiVersion: v1
data:
description: UHJveHkgZm9yIG1hbmFnaW5nIFRUTCBmb3IgdGhlIGt1YmVhZG0tY2VydHMgc2VjcmV0
expiration: MjAyMS0wNy0xMFQyMToxMzo1NyswODowMA==
token-id: emN0a3R6
token-secret: ZGt0OXFwZzZiZng1czd5dw==
kind: Secret
metadata:
creationTimestamp: "2021-07-10T11:13:58Z"
name: bootstrap-token-zctktz
namespace: kube-system
resourceVersion: "2535"
uid: 741027c9-4dce-4f00-af0d-eba179a089dc
type: bootstrap.kubernetes.io/token
~~~ # Base64-decode the token fields
[root@k8s-master01 ~]# echo "MjAyMS0wNy0xMFQyMToxMzo1NyswODowMA==" |base64 -d
2021-07-10T21:13:57+08:00 // the expiry time is 2 hours
[root@k8s-master01 ~]# echo "ZGt0OXFwZzZiZng1czd5dw==" |base64 -d
dkt9qpg6bfx5s7yw
[root@k8s-master01 ~]# echo "UHJveHkgZm9yIG1hbmFnaW5nIFRUTCBmb3IgdGhlIGt1YmVhZG0tY2VydHMgc2VjcmV0" |base64 -d
Proxy for managing TTL for the kubeadm-certs secret
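Added example (not part of the original post): a shell helper that decodes a bootstrap-token Secret like the one above and reports whether it is still valid at a given time, without printing token-secret. The function names and the inline sample are constructed here from the field values shown on this page, and GNU date and base64 are assumed. It goes one step beyond the page by flagging a Secret that has no expiration field, which Kubernetes treats as a token that never expires.

```shell
#!/usr/bin/env bash
# Added example: check a kubeadm bootstrap-token Secret for expiry.
# SAMPLE_SECRET is constructed from the field values shown on this page.
SAMPLE_SECRET='apiVersion: v1
data:
  description: UHJveHkgZm9yIG1hbmFnaW5nIFRUTCBmb3IgdGhlIGt1YmVhZG0tY2VydHMgc2VjcmV0
  expiration: MjAyMS0wNy0xMFQyMToxMzo1NyswODowMA==
  token-id: emN0a3R6
  token-secret: ZGt0OXFwZzZiZng1czd5dw==
kind: Secret
type: bootstrap.kubernetes.io/token'

# secret_field YAML KEY: print the base64-decoded value of data.KEY
# (empty output if the key is absent).
secret_field() {
  printf '%s\n' "$1" | awk -v k="$2:" '$1 == k { print $2; exit }' | base64 -d
}

# token_seconds_left YAML NOW: seconds from NOW (RFC 3339) until expiry,
# or "never" when the Secret has no expiration field. Needs GNU date.
token_seconds_left() {
  exp_raw=$(secret_field "$1" expiration)
  [ -n "$exp_raw" ] || { echo never; return 0; }
  exp=$(date -d "$exp_raw" +%s) || return 2
  now=$(date -d "$2" +%s) || return 2
  echo $(( exp - now ))
}

# token_status YAML NOW: one-line verdict; token-secret is never printed.
token_status() {
  id=$(secret_field "$1" token-id)
  left=$(token_seconds_left "$1" "$2") || return 2
  case "$left" in
    never) echo "$id never-expires" ;;
    -*|0)  echo "$id expired" ;;
    *)     echo "$id valid ${left}s" ;;
  esac
}

# Evaluate the sample at its creationTimestamp and just after expiry.
token_status "$SAMPLE_SECRET" "2021-07-10T11:13:58Z"
token_status "$SAMPLE_SECRET" "2021-07-10T21:13:58+08:00"
```

On a live control-plane node the YAML argument would come from the `kubectl get secret -n kube-system <name> -oyaml` command used above.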
3. Registering k8s-master03 to the Kubernetes cluster: simulating token expiry
### --- Register the k8s-master03 node to the Kubernetes cluster using the new token
~~~ # Register the k8s-master03 node to the Kubernetes cluster
[root@k8s-master03 ~]# kubeadm join 192.168.1.20:16443 --token oesiit.mt5fzqi8i9ascx9f \
--discovery-token-ca-cert-hash sha256:c09f2051501a53aaa1e158959d69d4be655d4f475c28c81b5895baddfbd59bf9 \
--control-plane --certificate-key def6ac62a7502a8d1bbb37843f41ed6bfffae5e7f5c14737d54ff91afa0d592b
~~~ Note: command output
This node has joined the cluster and a new control plane instance was created:
* Certificate signing request was sent to apiserver and approval was received.
* The Kubelet was informed of the new secure connection details.
* Control plane (master) label and taint were applied to the new node.
* The Kubernetes control plane instances scaled up.
* A new etcd member was added to the local/stacked etcd cluster.
To start administering your cluster from this node, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Run 'kubectl get nodes' to see this node join the cluster.
### --- Check the cluster status
~~~ # Check that k8s-master03 has registered to the Kubernetes cluster
[root@k8s-master01 ~]# kubectl get node -owide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8s-master01 NotReady control-plane,master 37m v1.21.2 192.168.1.11 <none> CentOS Linux 7 (Core) 4.19.12-1.el7.elrepo.x86_64 docker://19.3.15
k8s-master02 NotReady control-plane,master 17m v1.21.2 192.168.1.12 <none> CentOS Linux 7 (Core) 4.19.12-1.el7.elrepo.x86_64 docker://19.3.15
k8s-master03 NotReady control-plane,master 95s v1.21.2 192.168.1.13 <none> CentOS Linux 7 (Core) 4.19.12-1.el7.elrepo.x86_64 docker://19.3.15
~~~ # View the pods that have been created
[root@k8s-master01 ~]# kubectl get po -n kube-system -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-6f6b8cc4f6-72xlp 0/1 Pending 0 38m <none> <none> <none> <none>
coredns-6f6b8cc4f6-8xjzf 0/1 Pending 0 38m <none> <none> <none> <none>
etcd-k8s-master01 1/1 Running 0 38m 192.168.1.11 k8s-master01 <none> <none>
etcd-k8s-master02 1/1 Running 0 17m 192.168.1.12 k8s-master02 <none> <none>
etcd-k8s-master03 1/1 Running 0 108s 192.168.1.13 k8s-master03 <none> <none>
kube-apiserver-k8s-master01 1/1 Running 0 38m 192.168.1.11 k8s-master01 <none> <none>
kube-apiserver-k8s-master02 1/1 Running 0 17m 192.168.1.12 k8s-master02 <none> <none>
kube-apiserver-k8s-master03 1/1 Running 0 108s 192.168.1.13 k8s-master03 <none> <none>
kube-controller-manager-k8s-master01 1/1 Running 1 38m 192.168.1.11 k8s-master01 <none> <none>
kube-controller-manager-k8s-master02 1/1 Running 0 17m 192.168.1.12 k8s-master02 <none> <none>
kube-controller-manager-k8s-master03 1/1 Running 0 108s 192.168.1.13 k8s-master03 <none> <none>
kube-proxy-2zghc 1/1 Running 0 17m 192.168.1.12 k8s-master02 <none> <none>
kube-proxy-nq598 1/1 Running 0 38m 192.168.1.11 k8s-master01 <none> <none>
kube-proxy-tj7cx 1/1 Running 0 109s 192.168.1.13 k8s-master03 <none> <none>
kube-scheduler-k8s-master01 1/1 Running 1 38m 192.168.1.11 k8s-master01 <none> <none>
kube-scheduler-k8s-master02 1/1 Running 0 17m 192.168.1.12 k8s-master02 <none> <none>
kube-scheduler-k8s-master03 1/1 Running 0 108s 192.168.1.13 k8s-master03 <none> <none>
~~~ # View the services that have been created
[root@k8s-master01 ~]# kubectl get service -n kube-system -owide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 38m k8s-app=kube-dns