kubeadm: Explicitly set token for nodes to join with

3/26/2019

I have set up my master nodes using kubeadm.

Now I want to run the join command on my nodes so that the latter join the cluster.

All I have to do is run

kubeadm join --token <token> --discovery-token-ca-cert-hash <sha256>

where <token> and <sha256> are values previously returned by the command below:

kubeadm init 

I am also trying to script the above process and I see that parsing the actual tokens from the last command is kinda difficult.

So I was wondering whether there is a way to explicitly specify the <token> and the <sha256> during cluster initialization, to avoid having to perform hacky parsing of the init command.

-- pkaramol
kubeadm
kubernetes

2 Answers

3/27/2019

Actually there seems to be a way around this:

(I am putting this in ansible tasks cause this is where I am planning to use it)

    - name: kubernetes.yml --> Initiate kubernetes cluster
      shell: 'kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address={{ ansible_facts[if_name]["ipv4"]["address"] }}'
      become: yes
      when: inventory_hostname in groups['masters']

    # Runs on the last master only: creates a new bootstrap token and prints the full join command.
    # "==" is an exact host match; "in" against a single hostname would be a substring test.
    - name: kubernetes.yml --> Get the join command
      shell: kubeadm token create --print-join-command
      register: rv_join_command
      when: inventory_hostname == (groups['masters'] | last)
      become: yes

    - name: kubernetes.yml --> Print the join command
      debug:
        var: rv_join_command.stdout

Output:

TASK [kubernetes.yml --> Print the join command] *******************************
ok: [kubernetes-master-1] => 
  rv_join_command.stdout: 'kubeadm join 192.168.30.1:6443 --token ah0dbr.grxg9fke3c28dif3i     --discovery-token-ca-cert-hash sha256:716712ca7f07bfb4aa7df9a8b30ik3t0k3t2259b8c6fc7b68f50334356078 '
-- pkaramol
Source: StackOverflow
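
The answer above captures the whole `kubeadm join ...` line; before that string is run on a worker it can be split into fields and each field checked against the format kubeadm uses for bootstrap tokens and CA hashes. This is an added example, not code from the original answers: the function names and the sample values are made up, and the endpoint check is deliberately loose (host or bracketed IPv6, then a port).

```shell
#!/bin/sh
# Constructed sample in the shape printed by
# `kubeadm token create --print-join-command` (all values are made up).
SAMPLE='kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef '
NL='
'
# whole_match STRING ERE: true only if the entire single-line STRING matches.
whole_match() {
    case $1 in *"$NL"*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq "^($2)\$"
}
# Bootstrap token: 6-char ID, a dot, 16-char secret, all [a-z0-9].
valid_token()   { whole_match "$1" '[a-z0-9]{6}\.[a-z0-9]{16}'; }
# CA public-key pin: "sha256:" plus 64 lowercase hex digits.
valid_ca_hash() { whole_match "$1" 'sha256:[0-9a-f]{64}'; }

# parse_join LINE: prints "ENDPOINT TOKEN HASH" or fails without output.
# The body runs in a subshell, so `set -f` and the variables do not leak.
parse_join() (
    case $1 in *"$NL"*) exit 1 ;; esac
    set -f; set -- $1              # split on whitespace, no glob expansion
    [ "${1-}" = kubeadm ] && [ "${2-}" = join ] && [ $# -ge 3 ] || exit 1
    endpoint=$3; shift 3; token=; hash=
    while [ $# -ge 2 ]; do
        case $1 in
            --token) token=$2 ;;
            --discovery-token-ca-cert-hash) hash=$2 ;;
            *) exit 1 ;;           # unknown flag or stray shell syntax
        esac
        shift 2
    done
    [ $# -eq 0 ] || exit 1         # dangling word after the last flag
    whole_match "$endpoint" '[][A-Za-z0-9.:-]+:[0-9]{1,5}' || exit 1
    valid_token "$token" && valid_ca_hash "$hash" || exit 1
    printf '%s %s %s\n' "$endpoint" "$token" "$hash"
)

# Stand-alone run: show the three validated fields of the sample.
parse_join "$SAMPLE"
```

On a worker, the three fields can then be passed to `kubeadm join` as separate, quoted arguments rather than executing the captured string.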

3/26/2019

I was trying to make a script for it as well.

In order to get the values needed I am using these commands:

# Token: first column of the last line of `kubeadm token list` on the master
TOKEN=$(sshpass -p "$PASSWORD" ssh -o StrictHostKeyChecking=no "root@$MASTER_IP" sudo kubeadm token list | tail -1 | cut -f 1 -d " ")

# Hash: SHA-256 of the cluster CA's DER-encoded public key
HASH=$(sshpass -p "$PASSWORD" ssh -o StrictHostKeyChecking=no "root@$MASTER_IP" openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //')

Basically I use these commands to ssh to the master and get these values.

I have not found an easier way to achieve this.

-- Leandro Donizetti Soares
Source: StackOverflow