Kubernetes(K8s) and Docker notes (1.4)

(continued)

(5,5) configure slave node and join the k8s cluster

I'm using debian-testing in vmware as the slave node. You only need to install k8s and docker on slave node.

Get token from master node if needed:

(09:16 dabs@CNU1343VF8 ~) > kubectl get pods --all-namespaces
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   coredns-66bff467f8-964mm             1/1     Running   1          11h
kube-system   coredns-66bff467f8-xd888             1/1     Running   1          11h
kube-system   etcd-cnu1343vf8                      1/1     Running   1          11h
kube-system   kube-apiserver-cnu1343vf8            1/1     Running   2          11h
kube-system   kube-controller-manager-cnu1343vf8   1/1     Running   3          11h
kube-system   kube-flannel-ds-amd64-q4lkp          1/1     Running   1          11h
kube-system   kube-proxy-522xw                     1/1     Running   1          11h
kube-system   kube-scheduler-cnu1343vf8            1/1     Running   3          11h
(09:16 dabs@CNU1343VF8 ~) > sudo kubeadm token list
TOKEN                     TTL         EXPIRES                     USAGES                   DESCRIPTION                                                EXTRA GROUPS
w324f8.c8bhymnylkgmp5yj   12h         2020-05-29T21:27:00+08:00   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token

2020/6/14 update: If no output from 'kubeadm token list', it means that the token has expiried. You need to recreate the token:

(21:32 dabs@CNU1343VF8 ~) > sudo kubeadm token create w324f8.c8bhymnylkgmp5yj --print-join-command
W0614 21:34:58.479632  365899 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 192.168.3.4:6443 --token w324f8.c8bhymnylkgmp5yj     --discovery-token-ca-cert-hash sha256:2d2dda308ba096ceb839b8b8dd5144b6ece17adc37f8c003747d016d2c4262e6

If you try 'kubeadm join' without caCertHash, it fails with an Fatal Error:

$sudo kubeadm join --token=w324f8.c8bhymnylkgmp5yj 192.168.3.4:6443

discovery.bootstrapToken: Invalid value: "": using token-based discovery without caCertHashes can be unsafe. Set unsafeSkipCAVerification to continue

 

Add the '--discovery-token-unsafe-skip-ca-verification' option as a workaround:

$sudo kubeadm join --token=w324f8.c8bhymnylkgmp5yj 192.168.3.4:6443 --discovery-token-unsafe-skip-ca-verification

Fortunately, i have the 'kubeam init' outputs backup: 

Check on master node that the slave node is up:

(09:25 dabs@CNU1343VF8 ~) > kubectl get nodes
NAME         STATUS   ROLES    AGE   VERSION
cnu1343vf8   Ready    master   12h   v1.18.3
debiannode   Ready    <none>   23s   v1.18.3