Step 1 – Install Docker
https://www.devopsschool.com/tutorial/docker/install-config/
https://www.devopsschool.com/tutorial/docker/install-config/docker-install-commuityedition-centos-rhel.html
Here’s the skeleton of a kubeadm join command for a control plane node:
kubeadm join <endpoint-ip-or-dns>:<port> \
--token <valid-bootstrap-token> \
--discovery-token-ca-cert-hash <ca-cert-sha256-hash> \
--control-plane \
--certificate-key <certificate-key>
And here’s the skeleton of a kubeadm join command for a worker node:
kubeadm join <endpoint-ip-or-dns>:<port> \
--token <valid-bootstrap-token> \
--discovery-token-ca-cert-hash <ca-cert-sha256-hash> \Step 2 – How to find discovery-token-ca-cert-has in kubernetes master node?
Mehtod 1 – Using openssl
openssl x509 -in /etc/kubernetes/pki/ca.crt -pubkey -noout | openssl pkey -pubin -outform DER | openssl dgst -sha256
or
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'Method 2 – Using Ansible Python Filter
Reference – https://gist.github.com/randomvariable/e4c43f89afec52fec0dbef6c08621249
Step 3 – How to Gererate kubeadm join “kubeadm token” using kubeadm in master nodes?
Bootstrap tokens are used for establishing bidirectional trust between a node joining the cluster and a control-plane node, as described in authenticating with bootstrap tokens. The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to ‘0’, the token will never expire (default 24h0m0s)
Differenece between kubeadm token create and kubeadm token generate
“kubeadm token create” would Create bootstrap tokens on the server but “kubeadm token generate” would Generate and print a bootstrap token, but do not create it on the server.
kubeadm token generate
This command will print out a randomly-generated bootstrap token that can be used with the “init” and “join” commands. You can also use “kubeadm init” without specifying a token and it will generate and print one for you. The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to ‘0’, the token will never expire (default 24h0m0s)
Create a kubeadm token for 200 hours?
$ kubeadm token create –ttl 24h0m0s
Generate a kubeadm token for life time?
$ kubeadm token create –ttl 0
Step 4 – Replace “172.31.14.69:6443” with API server. –token with kubeadm token and –discovery-token-ca-cert-hash and run following.
$ kubeadm join 172.31.14.69:6443 --token w82oxl.jglf7o8s7c2k4u8x --discovery-token-ca-cert-hash sha256:25d17cb97848f19c5ff6a097d5c18d410d41bff9a4b69cb9885be1ad26caeb16
- DevOps Certified Professionals (DCP)
- Site Reliability Engineering Certified Professionals (SRECP)
- Master in DevOps Engineering (MDE)
- DevSecOps Certified Professionals (DSOCP)
URL - https://www.devopsschool.com/certification/
My Linkedin - https://www.linkedin.com/in/rajeshkumarin
- Apache Lucene Query Example - April 8, 2024
- Google Cloud: Step by Step Tutorials for setting up Multi-cluster Ingress (MCI) - April 7, 2024
- What is Multi-cluster Ingress (MCI) - April 7, 2024
