master1已经搭建并且输出了token
[root@master1 ~]# kubeadm token create --print-join-command --certificate-key --v=5
kubeadm join 10.10.19.141:8443 --token hw9fe4.s0jhfpcqqx38swwb --discovery-token-ca-cert-hash sha256:e9df4c818e0e3d291b18529e80fcfbd3fb2651879c0985db2e97a235b5c04f64 --control-plane --certificate-key --v=5
master2加入时指定socket,在后面加入–cri-socket unix:///run/containerd/containerd.sock,如果以docker为容器加上–cri-socket unix:///var/run/cri-dockerd.sock
发现报错了!!!
master2加入时报错error execution phase control-plane-prepare/download-certs: error downloading certs: error decoding certificate key: encoding/hex: invalid byte: U+002D ‘-’
[root@master2 ~]# kubeadm join 10.10.19.141:8443 --token hw9fe4.s0jhfpcqqx38swwb --discovery-token-ca-cert-hash sha256:e9df4c818e0e3d291b18529e80fcfbd3fb2651879c0985db2e97a235b5c04f64 --control-plane --certificate-key --v=5 --cri-socket unix:///run/containerd/containerd.sock
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[preflight] Running pre-flight checks before initializing the new control plane instance
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[download-certs] Downloading the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
error execution phase control-plane-prepare/download-certs: error downloading certs: error decoding certificate key: encoding/hex: invalid byte: U+002D '-'
To see the stack trace of this error execute with --v=5 or higher
在master1上重新生成证书密钥
[root@master1 ~]# kubeadm init phase upload-certs --upload-certs --config kubeadm-init.yaml
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
b80e18d761b1614f8ee53b1d1018aa09bd54efb37efb7391013b76ef3e4f04cb
master2加入时加上证书密钥字段 --certificate-key b80e18d761b1614f8ee53b1d1018aa09bd54efb37efb7391013b76ef3e4f04cb
[root@master2 containerd]# kubeadm join 10.10.19.141:8443 --token t45zd2.f9njrzf3dn9w0j9y --discovery-token-ca-cert-hash sha256:e9df4c818e0e3d291b18529e80fcfbd3fb2651879c0985db2e97a235b5c04f64 --control-plane --v=5 --cri-socket unix:///run/containerd/containerd.sock --certificate-key b80e18d761b1614f8ee53b1d1018aa09bd54efb37efb7391013b76ef3e4f04cb
成功!
其他补充:
node加入集群的命令
[root@node1 ~]# kubeadm join 10.10.19.141:8443 --token t45zd2.f9njrzf3dn9w0j9y --discovery-token-ca-cert-hash sha256:e9df4c818e0e3d291b18529e80fcfbd3fb2651879c0985db2e97a235b5c04f64 --v=5 --cri-socket unix:///run/containerd/containerd.sock
解释一下每个字段的含义
字段 | 含义 |
---|---|
–discovery-token-ca-cert-hash | 验证新节点的哈希值 |
–control-plane | 此节点为控制节点 |
–v=5 | 记录所有的日志信息,包括调试信息 |
–cri-socket | socket文件位置 |
–certificate-key | 证书密钥 |