1.查看Token
[root@m1 admin]# kubeadm token list TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS bwa8py.ghf5s0vfsxz1d7fx <invalid> 2022-08-01T19:06:15+08:00 authentication,signing kubelet-bootstrap-token system:bootstrappers:worker mbwfv6.lbasbfken6or58re 23h 2022-08-04T21:29:20+08:00 authentication,signing kubelet-bootstrap-token system:bootstrappers:worker yvsocr.b40go6o23ee85wrs <forever> <never> authentication,signing kubelet-bootstrap-token system:bootstrappers:worker
2.设置用不过期Token
# 不加只有24H小时 [root@m1 admin]# kubeadm token create # 加上 kubeadm token create --ttl 0 [root@m1 admin]# export BOOTSTRAP_TOKEN=$(kubeadm token create --ttl 0 \ --description kubelet-bootstrap-token \ --groups system:bootstrappers:worker \ --kubeconfig kube.config)
获取CA公钥的哈希值 openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^ .* //' kubeadm join 192.168.40.8:6443 --token token填这里 --discovery-token-ca-cert-hash sha256:哈希值填这里
# 删除多余token [root@m1 admin]# kubeadm token delete bwa8py.ghf5s0vfsxz1d7fx bootstrap token with id "bwa8py" deleted [root@m1 admin]# kubeadm token delete mbwfv6.lbasbfken6or58re bootstrap token with id "mbwfv6" deleted
