diff --git a/content/en/docs/setup/independent/create-cluster-kubeadm.md b/content/en/docs/setup/independent/create-cluster-kubeadm.md index d027505e98514..fb3b27d37fff6 100644 --- a/content/en/docs/setup/independent/create-cluster-kubeadm.md +++ b/content/en/docs/setup/independent/create-cluster-kubeadm.md @@ -390,6 +390,48 @@ The nodes are where your workloads (containers and pods, etc) run. To add new no kubeadm join --token : --discovery-token-ca-cert-hash sha256: ``` +If you do not have the token, you can get it by running the following command on the master node: + +``` bash +kubeadm token list +``` + +The output is similar to this: + +``` console +TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS +8ewj1p.9r9hcjoqgajrj4gi 23h 2018-06-12T02:51:28Z authentication, The default bootstrap system: + signing token generated by bootstrappers: + 'kubeadm init'. kubeadm: + default-node-token +``` + +By default, tokens expire after 24 hours. If you are joining a node to the cluster after the current token has expired, +you can create a new token by running the following command on the master node: + +``` bash +kubeadm token create +``` + +The output is similar to this: + +``` console +5didvk.d09sbcov8ph2amjw +``` + +If you don't have the value of `--discovery-token-ca-cert-hash`, you can get it by running the following command chain on the master node: + +``` bash +openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \ + openssl dgst -sha256 -hex | sed 's/^.* //' +``` + +The output is similar to this: + +``` console +8cb2de97839780a412b93877f8507ad6c94f73add17d5d7058e91741c9d5ec78 +``` + {{< note >}} **Note:** To specify an IPv6 tuple for `:`, IPv6 address must be enclosed in square brackets, for example: `[fd00::101]:2073`. {{< /note >}}