在master01上
生成新token
[root@k8s-master01 ~]# kubeadm token create --print-join-command
W0825 09:25:49.300571 23457 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 192.168.80.10:16443 --token il1ddh.6s1rp74bb3cf18wv --discovery-token-ca-cert-hash sha256:b7c2ecb0c238eadf5c6b8657137203c11633fd4c812bcea10e1dfbc61a36861f
生成新证书
1.16版本前参数为--experimental-upload-certs
,1.16及1.16版本以后为--upload-certs
命令不对就会出现unknown flag --experimental-upload-certs的错误
[root@k8s-master01 ~]# kubeadm init phase upload-certs --upload-certs
I0825 09:35:16.039382 32084 version.go:255] remote version is much newer: v1.22.1; falling back to: stable-1.19
W0825 09:35:16.739034 32084 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
a615c6fb67eff694085de21480c462de2bc65b545884957ae0d37b109000e281
在新节点
添加新node节点
kubeadm join 192.168.80.10:16443 --token il1ddh.6s1rp74bb3cf18wv --discovery-token-ca-cert-hash sha256:b7c2ecb0c238eadf5c6b8657137203c11633fd4c812bcea10e1dfbc61a36861f
添加新master节点
同样,1.16版本前参数为--experimental-control-plane --certificate-key
,1.16及1.16版本以后为--control-plane --certificate-key
kubeadm join 192.168.80.10:16443 --token il1ddh.6s1rp74bb3cf18wv --discovery-token-ca-cert-hash sha256:b7c2ecb0c238eadf5c6b8657137203c11633fd4c812bcea10e1dfbc61a36861f --control-plane --certificate-key a615c6fb67eff694085de21480c462de2bc65b545884957ae0d37b109000e281
etcdctl --cacert="/etc/kubernetes/pki/etcd/ca.crt" --cert="/etc/kubernetes/pki/etcd/server.crt" --key="/etc/kubernetes/pki/etcd/server.key" member list