클러스터 구축 후 토큰 값을 까먹거나 여러 요인들로 추가로 작업해줘야할 경우에 아래 과정으로 실시하면 된다.
Master 노드
- 토큰 값 조회
# kubeadm token list
19iege.6onflcvyh6yr7bqq 21h 2024-09-09T06:10:33Z authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
- token 값에는 만료 기간이 있기 때문에 위에서 token 값을 확인할 수 없다면 새로운 token을 생성해줘야함
$ kubeadm token create
$ kubeadm token list
- HASH 값 확인
# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
추가할 작업 노드
$ kubeadm join <> --token <Token 값> --discovery-token-ca-cert-hash sha256:<Hash 값>
- 예시
# kubeadm join --token 19iege.6onflcvyh6yr7bqq --discovery-token-ca-cert-hash sha256:7bbb39683373cc97842fdbadfbdd9a3d918aa070e5a3ddf154dac0965d03bc20
[preflight] Running pre-flight checks
[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
