Question
So I know how to add a worker node to an existing Kubernetes 1.14 cluster (that was set up with kubeadm): kubeadm token create --print-join-command will print a valid kubeadm join command with correct values for arguments --token and --discovery-token-ca-cert-hash.
I currently understand that for adding another node to the control plane (master node) kubeadm join requires the additional arguments --experimental-control-plane (w/o value) and --certificate-key. This is for stacked control plane and etcd nodes.
How (in which file) can I obtain the correct value for --certificate-key for an existing cluster?
UPDATE My first (and currently only) master node was created without the argument --experimental-upload-certs to kubeadm init (but by kubeadm init --pod-network-cidr=10.244.0.0/16 instead). Therefore manual certificate distribution should apply and a possible sequence of steps could thus be:
- copy certificates and keys in /etc/kubernetes/pki/{ca.*,sa.*,front-proxy-sa.*,etcd/ca.*} from the first to the new master node
- run kubeadm token create --print-join-command on the first master node
- run printed kubeadm join command with the additional argument --experimental-control-plane on the new master node
Is this the correct procedure?
Answer 1:
According to the documentation, this command provides a new decryption key:
kubeadm init phase upload-certs --experimental-upload-certs
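
For the manual certificate distribution path described in the question, a preflight check to run on the new master before the join can confirm that the copied PKI material is complete and that the private keys are not readable by group or others. This is an added example, not part of the original post or of kubeadm; the function name `check_cp_pki` is hypothetical, and the file list assumes the default certificate directory, stacked etcd, and the shared files named in kubeadm's documented manual distribution procedure.

```shell
#!/bin/sh
# Preflight check on the NEW master before `kubeadm join ... --experimental-control-plane`.
# Assumptions (not from the page): default cert dir, stacked etcd, and the
# shared-file list from kubeadm's documented manual certificate distribution.
CP_PKI_FILES="ca.crt ca.key sa.pub sa.key front-proxy-ca.crt front-proxy-ca.key etcd/ca.crt etcd/ca.key"

# check_cp_pki [DIR] -> prints one line per problem, returns 0 only if clean.
check_cp_pki() {
    pki_dir="${1:-/etc/kubernetes/pki}"
    problems=0
    for f in $CP_PKI_FILES; do
        path="$pki_dir/$f"
        # A missing or empty file means the copy from the first master was incomplete.
        if [ ! -s "$path" ]; then
            echo "MISSING   $path"
            problems=$((problems + 1))
            continue
        fi
        case "$f" in
            *.key)
                # Group/other permission bits are characters 5-10 of the ls mode string.
                go_bits=$(ls -ldL "$path" | cut -c5-10)
                if [ "$go_bits" != "------" ]; then
                    echo "TOO OPEN  $path (group/other bits: $go_bits)"
                    problems=$((problems + 1))
                fi
                ;;
        esac
    done
    [ "$problems" -eq 0 ]
}
```

Source the file and call `check_cp_pki` as root on the new master; a non-zero return means the join should wait until the listed files are fixed.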
Source: https://stackoverflow.com/questions/55850229/certificate-key-when-adding-node-to-kubernetes-control-plane