Add guide for getting token and discovery-token-ca-cert-hash (#9017)

* Add guide for getting token and discovery-token-ca-cert-hash * Fix code snippet style
kubernetes · Jul 18, 2018 · f9ce82e · f9ce82e
1 parent e017d92
commit f9ce82e
Showing 1 changed file with 42 additions and 0 deletions.
diff --git a/content/en/docs/setup/independent/create-cluster-kubeadm.md b/content/en/docs/setup/independent/create-cluster-kubeadm.md
@@ -390,6 +390,48 @@ The nodes are where your workloads (containers and pods, etc) run. To add new no
 kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>
 ```
 
+If you do not have the token, you can get it by running the following command on the master node:
+
+``` bash
+kubeadm token list
+```
+
+The output is similar to this:
+
+``` console
+TOKEN                    TTL  EXPIRES              USAGES           DESCRIPTION            EXTRA GROUPS
+8ewj1p.9r9hcjoqgajrj4gi  23h  2018-06-12T02:51:28Z authentication,  The default bootstrap  system:
+                                                   signing          token generated by     bootstrappers:
+                                                                    'kubeadm init'.        kubeadm:
+                                                                                           default-node-token
+```
+
+By default, tokens expire after 24 hours. If you are joining a node to the cluster after the current token has expired,
+you can create a new token by running the following command on the master node:
+
+``` bash
+kubeadm token create
+```
+
+The output is similar to this:
+
+``` console
+5didvk.d09sbcov8ph2amjw
+```
+
+If you don't have the value of `--discovery-token-ca-cert-hash`, you can get it by running the following command chain on the master node:
+
+``` bash
+openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
+   openssl dgst -sha256 -hex | sed 's/^.* //'
+```
+
+The output is similar to this:
+
+``` console
+8cb2de97839780a412b93877f8507ad6c94f73add17d5d7058e91741c9d5ec78
+```
+
 {{< note >}}
 **Note:** To specify an IPv6 tuple for `<master-ip>:<master-port>`, IPv6 address must be enclosed in square brackets, for example: `[fd00::101]:2073`.
 {{< /note >}}