Task:
More than 2 hours have passed since the master setup displayed the join command, so that command can no longer be used.
Need to generate a new token and certificate hash for the worker node(s) to join the master cluster.
Steps for a WORKER node:
A. On the MASTER node:
1. Create Token. Copy output.
$ sudo kubeadm token create
output > sdq9ye.m0uii01s70mz8nt1
2. Create the certificate hash (SHA-256 of the cluster CA public key):
$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
output > f3ab23eb7d7c0411a172e07ac4ca210f441173e6ad176a826136ea5361ac4859
B. On each WORKER node:
(within the next couple of hours)
Combine the parts into the updated join command. Note that the certificate hash output has the prefix sha256: added.
$ kubeadm join masternode:6443 --token sdq9ye.m0uii01s70mz8nt1 --discovery-token-ca-cert-hash sha256:f3ab23eb7d7c0411a172e07ac4ca210f441173e6ad176a826136ea5361ac4859
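The worker-join steps above as one script, added here as an example and not part of the original note. It computes the same CA hash, but uses `openssl pkey` so non-RSA CA keys also work, and it fails instead of hashing empty input when the certificate cannot be read. The function names `ca_cert_hash`, `valid_token` and `build_join` are hypothetical helpers, not kubeadm commands.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of kubeadm.

# Print the SHA-256 of the DER-encoded public key of a CA certificate.
# Fails (non-zero, no output) if the certificate cannot be read, where the
# plain pipeline would silently print the hash of empty input.
ca_cert_hash() {
    der=$(mktemp) || return 1
    if openssl x509 -pubkey -noout -in "$1" 2>/dev/null \
         | openssl pkey -pubin -outform der -out "$der" 2>/dev/null \
       && [ -s "$der" ]; then
        openssl dgst -sha256 -hex "$der" | sed 's/^.* //'
        rc=0
    else
        rc=1
    fi
    rm -f "$der"
    return $rc
}

# Succeed only for kubeadm's token format: 6 chars, a dot, 16 chars.
valid_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Assemble the worker join command; refuse malformed parts.
# usage: build_join ENDPOINT TOKEN CA_CERT_FILE
build_join() {
    valid_token "$2" || { echo "bad token format" >&2; return 1; }
    hash=$(ca_cert_hash "$3") || { echo "cannot hash $3" >&2; return 1; }
    echo "kubeadm join $1 --token $2 --discovery-token-ca-cert-hash sha256:$hash"
}

# Example: sh join.sh masternode:6443 <token> /etc/kubernetes/pki/ca.crt
if [ "$#" -eq 3 ]; then
    build_join "$@"
fi
```

On a worker that already holds a copy of the CA certificate, `ca_cert_hash` can also be used to confirm the pinned value before running the join.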
Additional steps for a secondary MASTER node:
A. In addition to the two steps for the worker, perform the following additional step on the MASTER node:
3. Create the master certificate key:
$ kubeadm init phase upload-certs --upload-certs
output > 2f5a4033a774669934e5f1e29856f17b71a4a120468a905c064987a9c140a351
B. On each Secondary MASTER node:
(within the next couple of hours)
Combine the parts into the updated join command. Note that the certificate hash output has the prefix sha256: added.
$ kubeadm join masternode:6443 --token sdq9ye.m0uii01s70mz8nt1 --discovery-token-ca-cert-hash sha256:f3ab23eb7d7c0411a172e07ac4ca210f441173e6ad176a826136ea5361ac4859 --control-plane --certificate-key 2f5a4033a774669934e5f1e29856f17b71a4a120468a905c064987a9c140a351
Note:
This will NOT work if the endpoint has not been defined yet.
If you don't have one:
1. Create kubeadm-config-ep.yaml
- include kubernetesVersion: 1.16.x
- include controlPlaneEndpoint: "myendpointdnsname:6443"
- include under networking, for podSubnet,
For the version, use the same version installed across the kubectl, kubelet, and kubemgr.
For the endpoint, use a DNS name that the first master will get, and that all masters then share once a load balancer is added.
For the network, use the same network as in the calico.yaml downloaded from the calico project site.
If you have not done the kubeadm init, use:
$ sudo kubeadm init --config=kubeadm-config-ep.yaml --upload-certs
Otherwise, the endpoint is a single one.