从节点加入集群时,报错证书过期,完整报错如下:
error execution phase preflight: couldn't validate the identity of the API Server: Get https://10.10.10.10:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s: x509: certificate has expired or is not yet valid
To see the stack trace of this error execute with --v=5 or higher
报错原因两种可能:
1、时间错误
本地时间错误同样会导致证书过期报错,请检查本地时间是否正确,同步时间命令
|
1 |
ntpdate ntp1.aliyun.com |
2、token过期
主节点重新生成token及hash
|
1 2 |
kubeadm token create openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' |
从节点重新执行kubeadm join(自行替换命令中的token及sha256)
|
1 |
kubeadm join 10.10.10.10:6443 --token fzv2cb.cdlgd2b4yivwpued --discovery-token-ca-cert-hash sha256:d537f87c47c9015fea3a708571dbdc5c27d921ef3e826ff67dbc0ed6d49280e4 |
原文链接:kubeadm join报错证书过期解决,转载请注明来源!
