Step 1 – Install Docker
https://www.devopsschool.com/tutorial/docker/install-config/
https://www.devopsschool.com/tutorial/docker/install-config/docker-install-commuityedition-centos-rhel.html
Here’s the skeleton of a kubeadm join command for a control plane node:
kubeadm join <endpoint-ip-or-dns>:<port> \
--token <valid-bootstrap-token> \
--discovery-token-ca-cert-hash <ca-cert-sha256-hash> \
--control-plane \
--certificate-key <certificate-key>
And here’s the skeleton of a kubeadm join command for a worker node:
kubeadm join <endpoint-ip-or-dns>:<port> \
--token <valid-bootstrap-token> \
--discovery-token-ca-cert-hash <ca-cert-sha256-hash> \Code language: HTML, XML (xml)Step 2 – How to find discovery-token-ca-cert-has in kubernetes master node?
Mehtod 1 – Using openssl
openssl x509 -in /etc/kubernetes/pki/ca.crt -pubkey -noout | openssl pkey -pubin -outform DER | openssl dgst -sha256
or
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'Code language: JavaScript (javascript)Method 2 – Using Ansible Python Filter
Reference – https://gist.github.com/randomvariable/e4c43f89afec52fec0dbef6c08621249
Step 3 – How to Gererate kubeadm join “kubeadm token” using kubeadm in master nodes?
Bootstrap tokens are used for establishing bidirectional trust between a node joining the cluster and a control-plane node, as described in authenticating with bootstrap tokens. The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to ‘0’, the token will never expire (default 24h0m0s)
Differenece between kubeadm token create and kubeadm token generate
“kubeadm token create” would Create bootstrap tokens on the server but “kubeadm token generate” would Generate and print a bootstrap token, but do not create it on the server.
kubeadm token generate
This command will print out a randomly-generated bootstrap token that can be used with the “init” and “join” commands. You can also use “kubeadm init” without specifying a token and it will generate and print one for you. The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to ‘0’, the token will never expire (default 24h0m0s)
Create a kubeadm token for 200 hours?
$ kubeadm token create –ttl 24h0m0s
Generate a kubeadm token for life time?
$ kubeadm token create –ttl 0
Step 4 – Replace “172.31.14.69:6443” with API server. –token with kubeadm token and –discovery-token-ca-cert-hash and run following.
$ kubeadm join 172.31.14.69:6443 --token w82oxl.jglf7o8s7c2k4u8x --discovery-token-ca-cert-hash sha256:25d17cb97848f19c5ff6a097d5c18d410d41bff9a4b69cb9885be1ad26caeb16
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services — all in one place.
Explore Hospitals