Regenerate Kubernetes Join Command to Join Work Node


When we first init a K8S cluster, it will output the join command for us to join work node as shown below.

But the token, by default, is only valid for 24 hours so we need to generate a new one once it expired or if we did not copy it for later use be expiration.

There are two ways to deal with the above situations,

  1. For either case, generate a new token
  2. Construct the join command if still within expiration time

Generate new token to join work node

Use command below to generate the join command for work node.

kubeadm token create --print-join-command

Check all tokens.

kubeadm token list

Construct the join command

For either case, it is easier and simpler just to create a new token for join command but it makes no harm to know more about how to construct the command. The join command is structured as below,

kubeadm join <api-server-ip:port> --token <token-value> \
--discovery-token-ca-cert-hash sha256:<hash value>

So we need three information,

  1. Api-server-ip and port, which you can find easily
  2. Valid token
  3. Token-ca-cert-hash value

On control plane node, run command below to get api-server-ip and port.

kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}' && echo ""

List current or create new token.

Retrive token-ca-cert-hash value on any of the control plane node within the cluster.

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | \
openssl rsa -pubin -outform der 2>/dev/null | \
openssl dgst -sha256 -hex | sed ‘s/^.* //’

Now join these three values as shown below and execute it on K8S bootstrapped work node.

kubeadm join --token dr3gbo.bdwy2p79jqz93r58 \
--discovery-token-ca-cert-hash sha256:cbf5f7c1eead4491214964f841a0e1bf9f9c220987cb68edb8f98e2902b60aac

On control plane node, check if work node is successfully added.

And there you go, you now have a K8S cluster with single control plane and work node!



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store