How to add a Kubernetes node

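1. Check the token list and, if no token exists, create a new one. Then compute the SHA-256 hash of the cluster CA's public key, which the join command takes as --discovery-token-ca-cert-hash.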

root@v1-1:~# kubeadm token list
TOKEN     TTL       EXPIRES   USAGES    DESCRIPTION   EXTRA GROUPS
root@v1-1:~# kubeadm token create
5rcdbn.z7soxtlro0g8d8x2

root@v1-1:~# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
65ad8d9d9aec097d0d0d6833de19620c4a351c3d2884440046ce79b4dc6fff6d

2. Join the node using the token and the hash value.

root@v1-2:~# kubeadm join 192.168.142.214:6443 --token 5rcdbn.z7soxtlro0g8d8x2 --discovery-token-ca-cert-hash sha256:65ad8d9d9aec097d0d0d6833de19620c4a351c3d2884440046ce79b4dc6fff6d
[preflight] Running pre-flight checks
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.2. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

3. Verify the join.

root@v1-1:~# kubectl get nodes -o wide
NAME   STATUS   ROLES    AGE   VERSION   INTERNAL-IP     OS-IMAGE          
v1-1   Ready    master   26d   v1.15.3   192.168.142.214 Ubuntu 18.04.3 LTS
v1-2   Ready    <none>   66s   v1.15.3   192.168.142.215 Ubuntu 18.04.3 LTS

4. To add the node as a master

# kubeadm init phase upload-certs --upload-certs
I0914 19:04:22.718341    5902 version.go:248] remote version is much newer: v1.19.1; falling back to: stable-1.15
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
0d85789d47a7eec3bb810e69fd3e82978e67d1038e5cc1a8cba7dd8e016dc0d3

After the upload-certs key has been issued, add it to the join options with --certificate-key, together with --control-plane.

kubeadm join IP:6443 --token ozyw9g.asfx0wh0p8lk54g3 --discovery-token-ca-cert-hash sha256:f130acccb4af5b16fa2a7297bbd0bb14039bfafc8b899221ff455164ed834416 --certificate-key bb0c54595de55b755d5991318497c572a56cc8f024b15aa69adadf8f2668226c --control-plane
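
The hash computed in step 1 is a SHA-256 digest of the DER-encoded SubjectPublicKeyInfo inside ca.crt, and kubeadm join uses it to pin the cluster CA before trusting the API server. The following is an added example, not part of the original post: it extracts that field directly and checks a pin, and it goes slightly beyond the openssl rsa pipeline above by working for any CA key type. The function names are hypothetical and the sample certificate is a constructed stand-in, not a real CA certificate.

```python
import hashlib, hmac, ssl

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, hdr = buf[pos], buf[pos + 1], 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr += n
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, pos + hdr, end

def spki_from_cert(der):
    """Return the raw SubjectPublicKeyInfo element of an X.509 certificate."""
    _, pos, _ = _tlv(der, 0)                # Certificate SEQUENCE
    _, pos, tbs_end = _tlv(der, pos)        # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                         # optional explicit [0] version
        pos = end
    for _field in range(5):                 # serial, signature alg, issuer, validity, subject
        _, _, pos = _tlv(der, pos)
    tag, _, end = _tlv(der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return der[pos:end]

def ca_cert_hash(cert):
    """cert: PEM or DER bytes. Returns the 'sha256:<hex>' pin kubeadm join expects."""
    if cert.lstrip().startswith(b"-----BEGIN"):
        cert = ssl.PEM_cert_to_DER_cert(cert.decode("ascii"))
    return "sha256:" + hashlib.sha256(spki_from_cert(cert)).hexdigest()

def pin_matches(cert, expected):
    """Constant-time comparison of the computed pin with the one given to join."""
    return hmac.compare_digest(ca_cert_hash(cert), expected.strip().lower())

def _enc(tag, body):                        # tiny DER encoder, used only to build the sample
    n = len(body)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n])   # sample stays under 256 bytes
    return bytes([tag]) + head + body

# Constructed stand-in with the field layout of a v3 certificate (not a real CA cert).
_EMPTY = _enc(0x30, b"")
SAMPLE_SPKI = _enc(0x30, _EMPTY + _enc(0x03, b"\x00" + bytes(range(200))))
_TBS = _enc(0x30, _enc(0xA0, _enc(0x02, b"\x02")) + _enc(0x02, b"\x01")
            + _EMPTY * 4 + SAMPLE_SPKI)
SAMPLE_CERT = _enc(0x30, _TBS + _EMPTY + _enc(0x03, b"\x00"))
```

Passing the bytes of /etc/kubernetes/pki/ca.crt to ca_cert_hash should give the same value as the openssl pipeline in step 1, prefixed with sha256:.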