无法将新节点加入k8s集群

Question

我想将新服务器加入k8s集群，但是失败了，我不知道为什么？

# kubeadm join 10.100.1.20:6443 --token xxxxxx --discovery-token-ca-cert-hash sha256:xxxxxx
[preflight] running pre-flight checks
    [WARNING RequiredIPVSKernelModulesAvailable]: the IPVS proxier will not be used, because the following required kernel modules are not loaded: [ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh] or no builtin kernel ipvs support: map[ip_vs_sh:{} nf_conntrack_ipv4:{} ip_vs:{} ip_vs_rr:{} ip_vs_wrr:{}]
you can solve this problem with following methods:
 1. Run 'modprobe -- ' to load missing kernel modules;
2. Provide the missing builtin kernel ipvs support

I1126 10:30:33.608681    7238 kernel_validator.go:81] Validating kernel version
I1126 10:30:33.608737    7238 kernel_validator.go:96] Validating kernel config
    [WARNING Hostname]: hostname "t-k8s-b1" could not be reached
    [WARNING Hostname]: hostname "t-k8s-b1" lookup t-k8s-b1 on 103.224.222.222:53: no such host
[discovery] Trying to connect to API Server "10.100.1.20:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.100.1.20:6443"
[discovery] Requesting info from "https://10.100.1.20:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "10.100.1.20:6443"
[discovery] Successfully established connection with API Server "10.100.1.20:6443"
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.11" ConfigMap in the kube-system namespace
Unauthorized

找不到新节点

# kubectl get nodes
NAME       STATUS    ROLES     AGE       VERSION
t-k8s-a1   Ready     master    6d        v1.11.3
t-k8s-b2   Ready     <none>    6d        v1.11.3

在/ var / log / messages

中

Nov 26 10:40:39 t-k8s-b1 systemd: Configuration file /etc/systemd/system/kubelet.service is marked executable. Please remove executable permission bits. Proceeding anyway.

---

我将/etc/systemd/system/kubelet.service从0755更改为0644，警告消息消失并修改了模块ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh，仍然未经授权

[preflight] running pre-flight checks
I1126 10:48:03.529871    8416 kernel_validator.go:81] Validating kernel version
I1126 10:48:03.529927    8416 kernel_validator.go:96] Validating kernel config
    [WARNING Hostname]: hostname "t-k8s-b1" could not be reached
    [WARNING Hostname]: hostname "t-k8s-b1" lookup t-k8s-b1 on 103.224.222.222:53: no such host
[discovery] Trying to connect to API Server "10.100.1.20:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.100.1.20:6443"
[discovery] Requesting info from "https://10.100.1.20:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "10.100.1.20:6443"
[discovery] Successfully established connection with API Server "10.100.1.20:6443"
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.11" ConfigMap in the kube-system namespace
Unauthorized

解决方案

原因是令牌已过期，我重新创建了一个新令牌，并加入令牌，一切正常

# kubeadm  token create
new token

# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
ca cert hash

# kubeadm join 10.100.1.20:6443 --token new_token --discovery-token-ca-cert-hash sha256:ca_cert_hash