How do I find the join command for kubeadm on the master?
KubernetesKubeadmKubernetes Problem Overview
I've lost the original 'kubeadm join' command when I previously ran kubeadm init
.
How can I retrieve this value again?
Kubernetes Solutions
Solution 1 - Kubernetes
kubeadm token create --print-join-command
Solution 2 - Kubernetes
This might not work for the old Kubernetes versions but I tried with the new version and it worked for me.
To print a join command for worker/slave node,
kubeadm token create --print-join-command
But if you need to join a new control plane node, that won't work as you need to recreate a new key for the control plane join command. This can be done with three simple steps.
01.) re upload certs in the already working master node
sudo kubeadm init phase upload-certs --upload-certs
it will generate a new certificate key.
02.) print join command in the already working master node
kubeadm token create --print-join-command
03.) Add the --control-plane --certificate-key
and execute.
<join command from step 02> --control-plane --certificate-key <key from step 01>
Done.
Solution 3 - Kubernetes
To create kubeadm join
command, please run the following commands:
Step 1 - Retrieve Token CA Hash:
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt \
| openssl rsa -pubin -outform der 2>/dev/null \
| openssl dgst -sha256 -hex \
| sed 's/^.* //'
This command will provide you public key.
Step 2 - Retrieve bootstrap Tokens:
kubeadm token list
This will print all tokens, so copy the token value under TOKEN
with the description "The default bootstrap token generated by kubeadm init
."
Step 3 - Creates kubeadm init
command:
Now use following syntax to create join
command without creating a new token:
kubeadm join <ip-address>:6443\
--token=<token-from-step-2> \
--discovery-token-ca-cert-hash sha256:<ca-hash-from-step-1>
kubeadm token create
command creates a new token, in this case without any description, so for you not to create any additional tokens, just pick the token which has a DESCRIPTION
as mentioned in Step 2.
Solution 4 - Kubernetes
Run the below command on your master node machine.
kubeadm token create --print-join-command
This command will generate the new token as well as the join command which you can use at your worker node to join the cluster.
Solution 5 - Kubernetes
Building off @Abhishek Jain's answer, here's a script to print the kubeadm join
command with a little help from jq
:
# get the join command from the kube master
CERT_HASH=$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt \
| openssl rsa -pubin -outform der 2>/dev/null \
| openssl dgst -sha256 -hex \
| sed 's/^.* //')
TOKEN=$(kubeadm token list -o json | jq -r '.token' | head -1)
IP=$(kubectl get nodes -lnode-role.kubernetes.io/master -o json \
| jq -r '.items[0].status.addresses[] | select(.type=="InternalIP") | .address')
PORT=6443
echo "sudo kubeadm join $IP:$PORT \
--token=$TOKEN --discovery-token-ca-cert-hash sha256:$CERT_HASH"
Solution 6 - Kubernetes
If you are joining control plane nodes, you will need a certificate key in the command too:
kubeadm token create \
--print-join-command \
--certificate-key \
$(kubeadm alpha certs certificate-key)
The kubeadm alpha certs certificate-key
command will generate a new certificate key on demand as per the documentation here
To Join a worker node, the command kubeadm token create --print-join-command
given in the accepted answer is sufficient