kubernetes:用kubeadm管理token(kubernetes 1.18.3)
2021-02-03 11:15
标签:set res -o The core group ken esc kubeadm 1,token是node节点用来连接master节点的令牌字串, 它和ca证书的hash值是把一台node节点加入到kubernetes集群时要使用的凭证 说明:刘宏缔的架构森林是一个专注架构的博客,地址:https://www.cnblogs.com/architectforest 对应的源码可以访问这里获取: https://github.com/liuhongdi/ 说明:作者:刘宏缔 邮箱: 371125307@qq.com kubernetes:用kubeadm管理token(kubernetes 1.18.3) 标签:set res -o The core group ken esc kubeadm 原文地址:https://www.cnblogs.com/architectforest/p/13157791.html一,token的用途:
二,用kubeadm管理token的例子:
[root@kubemaster ~]# kubeadm token list
[root@kubemaster ~]# kubeadm token -h
[root@kubemaster ~]# kubeadm token create -h
[root@kubemaster ~]# kubeadm token create
W0618 14:46:52.793862 96998 configset.go:202] WARNING: kubeadm cannot validate component configs
for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
0bawqm.38quzatonv75y6sr[root@kubemaster ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
0bawqm.38quzatonv75y6sr 23h 2020-06-19T14:46:52+08:00 authentication,signing
[root@kubemaster ~]# kubeadm token create --ttl 0
W0618 14:56:19.710949 105283 configset.go:202] WARNING: kubeadm cannot validate component configs
for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
w56985.fiboh9v8vjqw2lap[root@kubemaster ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
0bawqm.38quzatonv75y6sr 23h 2020-06-19T14:46:52+08:00 authentication,signing
[root@kubemaster ~]# kubeadm token delete w56985.fiboh9v8vjqw2lap
bootstrap token "w56985” deleted
[root@kubemaster ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
0bawqm.38quzatonv75y6sr 23h 2020-06-19T14:46:52+08:00 authentication,signing
[root@kubemaster ~]# kubeadm token create --print-join-command
W0618 15:07:30.243762 115106 configset.go:202] WARNING: kubeadm cannot validate component configs
for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 192.168.219.130:6443 --token cts238.khb7z4qwu1h6iens \
--discovery-token-ca-cert-hash sha256:c718e29ccb1883715489a3fdf53dd810a7764ad038c50fd62a2246344a4d9a73三,手动得到ca证书的hash值:
[root@kubemaster ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed ‘s/^.* //‘
c718e29ccb1883715489a3fdf53dd810a7764ad038c50fd62a2246344a4d9a73
kubeadm join 192.168.219.130:6443 --token cts238.khb7z4qwu1h6iens \
--discovery-token-ca-cert-hash sha256:c718e29ccb1883715489a3fdf53dd810a7764ad038c50fd62a2246344a4d9a73四,查看kubernetes的版本
[root@kubemaster ~]# kubelet --version
Kubernetes v1.18.3
[root@kubemaster ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40",
GitTreeState:"clean", BuildDate:"2020-05-20T12:49:29Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64”}五,查看linux的版本
[root@kubemaster ~]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
[root@kubemaster ~]# uname -r
4.18.0-193.el8.x86_64
文章标题:kubernetes:用kubeadm管理token(kubernetes 1.18.3)
文章链接:http://soscw.com/essay/50391.html