Regenerate Kubernetes Join Command to Join Work Node

Regenerate Kubernetes Join Command to Join Work Node

Image: https://vocon-it.com/2018/12/03/how-to-create-a-kubernetes-cluster-with-kubeadm-kubernetes-series-3/

When we first init a K8S cluster, it will output the join command for us to join work node as shown below.

Regenerate Kubernetes Join Command to Join Work Node

But the token, by default, is only valid for 24 hours so we need to generate a new one once it expired or if we did not copy it for later use be expiration.

There are two ways to deal with the above situations,

  1. For either case, generate a new token
  2. Construct the join command if still within expiration time

Generate new token to join work node

Use command below to generate the join command for work node.

kubeadm token create --print-join-command
Regenerate Kubernetes Join Command to Join Work Node

Check all tokens.

kobeadm token list
Regenerate Kubernetes Join Command to Join Work Node

Construct the join command

For either case, it is easier and simpler just to create a new token for join command but it makes no harm to know more about how to construct the command. The join command is structured as below,

kubeadm join <api-server-ip:port> --token <token-value> \
--discovery-token-ca-cert-hash sha256:<hash value>

So we need three information,

  1. Api-server-ip and port, which you can find easily
  2. Valid token
  3. Token-ca-cert-hash value

On control plane node, run command below to get api-server-ip and port.

kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}' && echo ""
Regenerate Kubernetes Join Command to Join Work Node

List current or create new token.

Regenerate Kubernetes Join Command to Join Work Node

Retrive token-ca-cert-hash value on any of the control plane node within the cluster.

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | \
openssl rsa -pubin -outform der 2>/dev/null | \
openssl dgst -sha256 -hex | sed ‘s/^.* //’
Regenerate Kubernetes Join Command to Join Work Node

Now join these three values as shown below and execute it on K8S bootstrapped work node.

kubeadm join 172.31.43.204:6443 --token dr3gbo.bdwy2p79jqz93r58 \
--discovery-token-ca-cert-hash sha256:cbf5f7c1eead4491214964f841a0e1bf9f9c220987cb68edb8f98e2902b60aac
Regenerate Kubernetes Join Command to Join Work Node

On control plane node, check if work node is successfully added.

Regenerate Kubernetes Join Command to Join Work Node

And there you go, you now have a K8S cluster with single control plane and work node!

AWS Certified SA, SysOps & Developer Associate, Alibaba Cloud certified SA. Focusing on Azure, Prometheus w/ Grafana, ELK and K8S now.