1. 토큰 리스트를 확인한 이후 토큰이 없으면 새로 생성해준다.
root@v1-1:~# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
root@v1-1:~# kubeadm token create
5rcdbn.z7soxtlro0g8d8x2
root@v1-1:~# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
65ad8d9d9aec097d0d0d6833de19620c4a351c3d2884440046ce79b4dc6fff6d2. 토큰과 해쉬값을 이용해 노드를 조인해준다.
root@v1-2:~# kubeadm join 192.168.142.214:6443 --token 5rcdbn.z7soxtlro0g8d8x2 --discovery-token-ca-cert-hash sha256:65ad8d9d9aec097d0d0d6833de19620c4a351c3d2884440046ce79b4dc6fff6d
[preflight] Running pre-flight checks
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.2. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
3. 조인을 확인한다.
root@v1-1:~# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP OS-IMAGE
v1-1 Ready master 26d v1.15.3 192.168.142.214 Ubuntu 18.04.3 LTS
v1-2 Ready <none> 66s v1.15.3 192.168.142.215 Ubuntu 18.04.3 LTS
4. Master로 추가하고 싶은 경우
# kubeadm init phase upload-certs --upload-certs
I0914 19:04:22.718341 5902 version.go:248] remote version is much newer: v1.19.1; falling back to: stable-1.15
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
0d85789d47a7eec3bb810e69fd3e82978e67d1038e5cc1a8cba7dd8e016dc0d3upload-certs 키를 발급 받은 이후 join 옵션에 추가해준다.
kubeadm join IP:6443 --token ozyw9g.asfx0wh0p8lk54g3 --discovery-token-ca-cert-hash sha256:f130acccb4af5b16fa2a7297bbd0bb14039bfafc8b899221ff455164ed834416 --certificate-key bb0c54595de55b755d5991318497c572a56cc8f024b15aa69adadf8f2668226c --control-plane'Cloud > Kubernetes' 카테고리의 다른 글
| kubernetes resource가 terminating 상태에서 변하지 않을 때 (0) | 2020.07.21 |
|---|---|
| Kubernetes 특정 네임 스페이스의 전체 리소스 조회 (0) | 2020.07.09 |
| kubectl init 시 proc-sys-net-bridge-bridge-nf-call-iptables 에러 (0) | 2020.05.19 |
| Kubernetes Network (0) | 2020.05.06 |
| Kube DNS에 대해 알아보기 (0) | 2020.04.21 |