k8s高可用集群5解決token過期

新創建的集群，token過期時間是24個小時，查看過期時間

#1查看自己設置的token名：

  [root@k8s-master01 ~]#cat new.yaml
    token: 7t2weq.bjbawausm0jaxury#2過濾出token文件

[root@k8s-master01 ~]#kubectl get secret -n kube-system|grep 7t2weq
bootstrap-token-7t2weq                           bootstrap.kubernetes.io/token         6      91m

#3查看詳情找到過期字段expiration
[root@k8s-master01 ~]#kubectl get secret -n kube-system bootstrap-token-7t2weq -o
error: flag needs an argument: 'o' in -o
See 'kubectl get --help' for usage.
您在 /var/spool/mail/root 中有新郵件
[root@k8s-master01 ~]#kubectl get secret -n kube-system bootstrap-token-7t2weq -oyaml
apiVersion: v1
data:
  auth-extra-groups: c3lzdGVtOmJvb3RzdHJhcHBlcnM6a3ViZWFkbTpkZWZhdWx0LW5vZGUtdG9rZW4=
  expiration: MjAyMi0wMi0yOFQwMjo0Nzo1MVo=
  token-id: N3Qyd2Vx
  token-secret: YmpiYXdhdXNtMGpheHVyeQ==
  usage-bootstrap-authentication: dHJ1ZQ==
  usage-bootstrap-signing: dHJ1ZQ==
kind: Secret
metadata:
  creationTimestamp: "2022-02-27T02:47:51Z"
  name: bootstrap-token-7t2weq
  namespace: kube-system
  resourceVersion: "363"
  uid: d4d9ed92-51ea-4352-bd25-1e6e5a768fca
type: bootstrap.kubernetes.io/token
[root@k8s-master01 ~]#echo "MjAyMi0wMi0yOFQwMjo0Nzo1MVo="
MjAyMi0wMi0yOFQwMjo0Nzo1MVo=

#解密過期時間
[root@k8s-master01 ~]#echo "MjAyMi0wMi0yOFQwMjo0Nzo1MVo=" | base64 -d
2022-02-28T02:47:51Z

 如果token沒過期，直接執行下面這些命令就可以了

#添加Master節點的命令

kubeadm join 10.0.0.236:16443 --token 7t2weq.bjbawausm0jaxury \
--discovery-token-ca-cert-hash sha256:b20ac598b92b2f80d27b267af12ee18c0c3d10801edfbf98f1788b5cde9da0d9 \
--control-plane --certificate-key 017a5fac657642a30389649bcbf3ccbbdc27ecb43a4c100435cc5230dc173f11


#添加node節點的命令

kubeadm join 10.0.0.236:16443 --token 7t2weq.bjbawausm0jaxury \
--discovery-token-ca-cert-hash sha256:b20ac598b92b2f80d27b267af12ee18c0c3d10801edfbf98f1788b5cde9da0d9

如果token過期了，需要使用如下命令生成新的key

#生成新的工作節點node加入集群的命令
[root@k8s-master01 ~]#kubeadm token create --print-join-command
kubeadm join 10.0.0.236:16443 --token 1cgq72.kqjrm92ujlgou235 --discovery-token-ca-cert-hash sha256:b20ac598b92b2f80d27b267af12ee18c0c3d10801edfbf98f1788b5cde9da0d9

#生成新的master節點加入集群的命令
[root@k8s-master01 ~]#kubeadm init phase upload-certs --upload-certs
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
d995bb417970db8cf341cf0c45086ac89e1310d6abb757f4a15c379cbcb938aa #獲取key

#添加Master3節點

kubeadm join 10.0.0.236:16443 --token 1cgq72.kqjrm92ujlgou235 --discovery-token-ca-cert-hash sha256:b20ac598b92b2f80d27b267af12ee18c0c3d10801edfbf98f1788b5cde9da0d9 \
--control-plane --certificate-key d995bb417970db8cf341cf0c45086ac89e1310d6abb757f4a15c379cbcb938aa

 如果節點添加不上，可以試試一下步驟：

#1先停掉服務
systemctl stop containerd kubelet
#2刪除數據
rm -rf /etc/kubernetes/
rm -rf /var/lib/containerd/ /var/lib/kubelet/
#3如果執行了上面的刪除操作，那么接下來還需要創建
mkdir -p /etc/containerd
#4把moster01中的配置文件導入到你現在編輯的這個節點內例如你正在編輯的是k8s-node02節點
scp /etc/containerd/config.toml k8s-node02:/etc/containerd/
#5重啟containerd和kubelet
systemctl daemon-reload
systemctl restart containerd
systemctl restart kubelet
#6查看日志

tail -f /var/log/messages

#7執行加入集群命令，例如

kubeadm join 10.0.0.236:16443 --token 1cgq72.kqjrm92ujlgou235 --discovery-token-ca-cert-hash sha256:b20ac598b92b2f80d27b267af12ee18c0c3d10801edfbf98f1788b5cde9da0d9 \ --control-plane --certificate-key d995bb417970db8cf341cf0c45086ac89e1310d6abb757f4a15c379cbcb938aa

如果報錯提示某個目錄正在被使用，可以用umount卸載這個目錄，例如umount /var/lin/kubelet/pods/hfufdfyfyff