首页 > 其他 > 详细

k8s中token过期重新生成

时间:2020-02-04 14:52:39      阅读:190      评论:0      收藏:0      [点我收藏+]

k8s中token过期重新生成

通过kubeadm初始化之后,都会提供node加入的token

默认的token的有效期是24小时,当过期了,如何新生成呢

重新生成token:

[root@k8s-master ~]# kubeadm token create
kk0ee6.nhvz5p85avmzyof3
[root@k8s-master ~]# kubeadm token list
TOKEN                     TTL       EXPIRES                     USAGES                   DESCRIPTION                                                EXTRA GROUPS
bgis60.aubeva3pjl9vf2qx   6h        2020-02-04T17:24:00+08:00   authentication,signing   The default bootstrap token generated by kubeadm init.   system:bootstrappers:kubeadm:default-node-token
kk0ee6.nhvz5p85avmzyof3   23h       2020-02-05T11:02:44+08:00   authentication,signing   <none>                                                     system:bootstrappers:kubeadm:default-node-token

获取ca证书sha256编码hash值

[root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed s/^.* //
9db128fe4c68b0e65c19bb49226fc717e64e790d23816c5615ad6e21fbe92020

把节点加入到集群中

[root@k8s-node1 ~]# kubeadm join --token kk0ee6.nhvz5p85avmzyof3 --discovery-token-ca-cert-hash sha256:9db128fe4c68b0e65c19bb49226fc717e64e790d23816c5615ad6e21fbe92020  192.168.31.35:6443
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with kubectl -n kube-system get cm kubeadm-config -oyaml
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run kubectl get nodes on the control-plane to see this node join the cluster.

 

 

k8s中token过期重新生成

原文:https://www.cnblogs.com/ricklz/p/12259110.html

(0)
(0)
   
举报
评论 一句话评论(0
关于我们 - 联系我们 - 留言反馈 - 联系我们:wmxa8@hotmail.com
© 2014 bubuko.com 版权所有
打开技术之扣,分享程序人生!