(continued)
(5,5) configure slave node and join the k8s cluster
I'm using debian-testing in vmware as the slave node. You only need to install k8s and docker on slave node.
Get token from master node if needed:
(09:16 dabs@CNU1343VF8 ~) > kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-66bff467f8-964mm 1/1 Running 1 11h
kube-system coredns-66bff467f8-xd888 1/1 Running 1 11h
kube-system etcd-cnu1343vf8 1/1 Running 1 11h
kube-system kube-apiserver-cnu1343vf8 1/1 Running 2 11h
kube-system kube-controller-manager-cnu1343vf8 1/1 Running 3 11h
kube-system kube-flannel-ds-amd64-q4lkp 1/1 Running 1 11h
kube-system kube-proxy-522xw 1/1 Running 1 11h
kube-system kube-scheduler-cnu1343vf8 1/1 Running 3 11h
(09:16 dabs@CNU1343VF8 ~) > sudo kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
w324f8.c8bhymnylkgmp5yj 12h 2020-05-29T21:27:00+08:00 authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
2020/6/14 update: If no output from 'kubeadm token list', it means that the token has expiried. You need to recreate the token:
(21:32 dabs@CNU1343VF8 ~) > sudo kubeadm token create w324f8.c8bhymnylkgmp5yj --print-join-command
W0614 21:34:58.479632 365899 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 192.168.3.4:6443 --token w324f8.c8bhymnylkgmp5yj --discovery-token-ca-cert-hash sha256:2d2dda308ba096ceb839b8b8dd5144b6ece17adc37f8c003747d016d2c4262e6
If you try 'kubeadm join' without caCertHash, it fails with an Fatal Error:
$sudo kubeadm join --token=w324f8.c8bhymnylkgmp5yj 192.168.3.4:6443
discovery.bootstrapToken: Invalid value: "": using token-based discovery without caCertHashes can be unsafe. Set unsafeSkipCAVerification to continue
Add the '--discovery-token-unsafe-skip-ca-verification' option as a workaround:
$sudo kubeadm join --token=w324f8.c8bhymnylkgmp5yj 192.168.3.4:6443 --discovery-token-unsafe-skip-ca-verification
Fortunately, i have the 'kubeam init' outputs backup:
Check on master node that the slave node is up:
(09:25 dabs@CNU1343VF8 ~) > kubectl get nodes
NAME STATUS ROLES AGE VERSION
cnu1343vf8 Ready master 12h v1.18.3
debiannode Ready <none> 23s v1.18.3