Kubernetes 添加新节点时 couldn‘t validate the identity of the API Server

最新推荐文章于 2025-03-02 18:31:02 发布
最新推荐文章于 2025-03-02 18:31:02 发布
阅读量5.8k 收藏 10
点赞数 7
分类专栏: Kubernetes 文章标签: kubernetes
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/qq_39261894/article/details/109013696
版权

在k8s添加新节点时,发生如下错误
couldn't validate the identity of the API Server: expected a 32 byte SHA-256 hash, found 31 bytes

报错原因:

默认token有效期为24小时,当过期之后,该token就不可用了。这时就需要重新创建token

解决方法:

# master 查看节点检查token是否有效
kubeadm token list
# 生成新的token和命令。然后在node重新执行
kubeadm token create --print-join-command

执行结果:

[root@master ~]# kubeadm token list
TOKEN                     TTL         EXPIRES                     USAGES                   DESCRIPTION                                                EXTRA GROUPS
ag8915.91ayg7fogy9fffne   23h         2020-10-12T04:35:36-04:00   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token
[root@master ~]# kubeadm token create --print-join-command 
W1011 04:43:25.926122   21015 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 192.168.136.201:6443 --token 17wwni.taqxzqa3our1wh92     --discovery-token-ca-cert-hash sha256:1472821b3c34f13bc5d7264a737739e9854195b1856a00d2256c79d25118b2e

在 node节点执行新的token和命令
kubeadm join 192.168.136.201:6443 --token 17wwni.taqxzqa3our1wh92 --discovery-token-ca-cert-hash sha256:1472821b3c34f13bc5d7264a737739e9854195b1856a00d2256c79d25118b2e

[root@node1 ~]# kubeadm join 192.168.136.201:6443 --token ag8915.91ayg7fogy9fffne     --discovery-token-ca-cert-hash sha256:1472821b3c34f13bc5d7264a737739e9854195b1856a00d2256c79d25118b2e
W1011 04:43:30.597584   18709 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
	[WARNING Hostname]: hostname "node1" could not be reached
	[WARNING Hostname]: hostname "node1": lookup node1 on 8.8.8.8:53: read udp 192.168.136.202:59744->8.8.8.8:53: i/o timeout
error execution phase preflight: couldn't validate the identity of the API Server: expected a 32 byte SHA-256 hash, found 31 bytes
To see the stack trace of this error execute with --v=5 or higher
[root@node1 ~]# kubeadm join 192.168.136.201:6443 --token 17wwni.taqxzqa3our1wh92     --discovery-token-ca-cert-hash sha256:1472821b3c34f13bc5d7264a737739e9854195b1856a00d2256c79d25118b2e9
W1011 04:44:08.357838   18781 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
	[WARNING Hostname]: hostname "node1" could not be reached
	[WARNING Hostname]: hostname "node1": lookup node1 on 8.8.8.8:53: no such host
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.18" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

成功!

K8S集群节点加入报错:error execution phase preflight: couldn‘t validate the identity of the API Server: could
博客主要分享技术教程、工具教程、bug解决、前沿技术动态、编程经验、心得感悟等。 内容同步、干货获取、推广宣发请看侧栏推广信息
12-11 2748
每个人都有惰性,但不断学习是好好生活的根本,共勉!
[K8S]error execution phase preflight: couldn‘t validate the identity of the API Server
一杯咖啡半杯糖的博客
03-20 4100
error execution phase preflight: couldn't validate the identity of the API Server: could not find a JWS signature in the cluster-info ConfigMap for token ID "uyylx2" To see the stack trace of this error execute with --v=5 or higher
Kubenetes 添加节点报错—couldn‘t validate the identity of the API Server
我是小bā吖的博客
02-07 983
k8s添加节点报错
error execution phase preflight: couldn‘t validate the identity of the API Server: abort connecting
巅峰产生虚伪的拥护,黄昏见证虞城的信徒。
12-20 1万+
部署Kubernetes集群故障案例1. oken 过期2. k8s api server不可达 在使用k8s的过程中,相信很多人都遇到过使用kubeadm join命令,将node加入master,出现error execution phase preflight: couldn't validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s错误,即节点纳入管理失败,五分钟后
kubeadm join: couldn't validate the identity of the API Server
shida's blog
03-26 5710
执行 kubeadm join 报如下错误: error execution phase preflight: couldn't validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s 出现该问题可能有多种原因: 1. token 过期 此需要通过 k...
kubernetes节点加入集群报错:error execution phase preflight: couldn‘t validate the identity of the API Server
2402_82865370的博客
07-11 528
kubernetes节点加入集群报错:error execution phase preflight: couldn‘t validate the identity of the API Server
k8s后续添加节点失效couldn't validate the identity of the API Server
jstang的博客
10-17 1万+
报错信息 [root@k8s-node2 k8s]# kubeadm join 192.168.1.200:6443 --token ov6qse.lvw984yn30c96p9o --discovery-token-ca-cert-hash sha256:ed7ea5ae0c06f4ace9013e663b223e8da72e4e94e4dc657cfb1db68d777f3984 [...
couldn‘t validate the identity of the API Server: could not find a JWS signature in the cluster-info
qq_36037795的博客
11-18 323
kubernetes集群安装的候,集群使用了一段间。work节点数量不够了,你又安装了的work节点
将工作节点加入集群报错:error execution phase preflight: couldn’t validate the identity of the API Server: abort
weixin_52008047的博客
09-19 2688
参数是变量,是使用kubectl get secret -n kube-system查询的NAME,大家根据自己查询出来的操作即可,kubeadm token create --print-join-command 这个命令又可以重创建token。将到期间的值复制出来,我这里是MjAyNC0wOS0yMFQwMzo1NjozMVo= 这个到期值是变量,大家的肯定和我不一样,复制自己查询出来的值就可以,然后解密,可以得到到期间。如果是下图这样,就是活跃的,证明防火墙是开的,一定要确保防火墙全部关闭。
通过kubeadm join 为k8s集群增加节点出错 couldn‘t validate the identity of the API Server
marlinlm的博客
01-16 4508
通过kubeadm join 为k8s集群增加节点出错 couldn't validate the identity of the API Server: could not find a JWS signature in the cluster-info ConfigMap for token ID "xxxxx" 的解决办法。
Worker节点加入K8S集群报错:error execution phase preflight: couldn‘t validate the identity of the API Server
保持学习
10-08 2152
Kubernetes的Bug场景
kubernetes运维——集群添加节点报错error execution phase preflight: couldn‘t validate the identity of the ……
Jack__iT的博客
11-13 5783
在对kubernetes 1.19.0 集群扩容的候报错失败,控制台打印信息如下 [preflight] Running pre-flight checks error execution phase preflight: couldn't validate the identity of the API Server: could not find a JWS signature in the cluster-info ConfigMap for token ID "9igmi0" To see
k8s的node节点加入无法验证API服务器的身份TOKEN过期
最新发布
m0_74020575的博客
03-02 309
在第一次配置的候,只加入了一个节点到集群,后面第二天想扩容节点,但是加入的候提示了一个证书过期的问题。
error execution phase preflight: couldn‘t validate the identity of the API Server: Get
你怎么还在用 ThinkPad 啊?
11-02 1366
关于这个错误我卡了半天,网上查了一遍都在说token失效,主机间不一样,然而并没有解决我的node节点加入不了master问题,因为是云服务器经过反复分析恍然大悟原始是端口号没放开。前提:服务器之间可以ping通,主机间一样,token没有超,防火墙已关闭。关于K8S服务搭建本人用的云服务分别是:华为云、百度云、阿里云。以下是我的配置就可以加入成功了。
The connection to the server localhost:8080 was refused - did you specify the right host or port?
热门推荐
醉生梦死一笑惊魂
12-02 5万+
解决k8s集群在节点运行kubectl出现的错误:The connection to the server localhost:8080 was refused - did you specify the right host or port? 问题分析: 出现这个问题的原因是kubectl命令需要使用kubernetes-admin来运行 解决办法: 将主节点(master节点)中的【/e...
搭建kubenates-err1
liurui50的博客
08-01 444
异常内容: W0801 09:20:29.965243 2958 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set. [preflight] Running pre-flight checks [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as
popper.min.js下载
01-29
### 下载 Popper.min.js 文件的方法 对于希望获取 `popper.min.js` 的开发者来说,可以通过多种方式来实现这一目标。通常情况下,推荐通过官方渠道或可靠的分发网络 (CDN) 来获得最的稳定版文件。 #### 使用 CDN 获取 Popper.min.js 最简单的方式之一是从流行的 CDN 中加载所需的 JavaScript 库。这不仅简化了集成过程,还可能提高性能,因为许多用户已经缓存了来自这些服务提供商的内容。例如: ```html <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2/dist/umd/popper.min.js"></script> ``` 这种方式不需要手动下载文件到本地服务器;只需将上述 `<script>` 标签添加至 HTML 文档中的适当位置即可立即使用 Popper 功能[^1]。 #### 从 npm 或 yarn 安装 如果项目采用模块化构建工具链,则可以直接利用包管理器如 npm 或 Yarn 进行安装。命令如下所示: ```bash npm install @popperjs/core # 或者 yarn add @popperjs/core ``` 之后可以根据具体需求引入特定功能模块,而不是整个库,从而减少打包后的体积并优化加载速度[^2]。 #### 访问 GitHub 发布页面下载压缩包 另一种方法是访问 Popper.js 的 [GitHub Releases](https://github.com/popperjs/popper-core/releases) 页面,在这里可以选择不同版本的 tarball 或 zip 归档进行下载解压操作。这种方法适合那些偏好离线工作环境或是想要定制编译选项的人群[^3]。 #### 手动克隆仓库 最后一种较为少见但也可行的办法便是直接克隆完整的 Git 存储库副本。这样可以获得开发分支以及历史记录等更多信息,适用于贡献代码或者深入学习内部机制的情况。 ```bash git clone https://github.com/popperjs/popper-core.git cd popper-core ``` 完成以上任一途径后便能成功取得所需版本的 Popper.min.js 文件,并将其应用于个人项目之中[^4]。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值