Node unable to join cluster - saying token expired

0 votes

I have executed the kubeadm init command on my master and now I'm trying to execute the node join command on my node but I encountered the following error:

[discovery] Failed to connect to API Server "<master_addr>:6443": token id "higwl" is invalid for this cluster or it has expired. Use "kubeadm token create" on the master node to creating a new valid token

What do I do?

Jan 16 in Kubernetes by Ashish
218 views

2 answers to this question.

0 votes

Hey @Ashish, seems like the token has expired. As mentioned in the error log try to create the token for master again, use the following commands:

# login to master node
# create a new bootstrap token
$ kubeadm token create
abcdef.1234--------

# get root ca cert fingerprint
$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
e18105ef24bacebb23d694dad491e8ef1c2ea9ade944e784b1f03a15a0d5ecea 

# login to the new worker node
# join to cluster 
$ kubeadm join --token abcdef.1234567890abcdef --discovery-token-ca-cert-hash sha256:e18105ef24bacebb23d694dad491e8ef1c2ea9ade944e784b1f03a15a0d5ecea 1.2.3.4:6443
answered Jan 16 by Eric
0 votes

@Eric's answer is on point. There's another way of doing this.

Ever heard of Discovery files? So basically discovery files provide a very trusted out-of-bound connection between the master and the bootstrapping nodes. Use the join command like this after creating a new token for the master.

kubeadm join --token abcdef.1234567890abcdef --discovery-file a.conf
answered Jan 16 by Keshav

Related Questions In Kubernetes

0 votes
1 answer

Unable to run Kubernetes on rancher cluster

switch Docker to 1.12.x; Kubernetes doesn't support ...READ MORE

answered Aug 28, 2018 in Kubernetes by Kalgi
• 37,320 points
103 views
0 votes
1 answer
0 votes
3 answers

Error while joining cluster with node

Hi Kalgi after following above steps it ...READ MORE

answered Jan 17 in Others by anonymous
1,146 views
+3 votes
1 answer
0 votes
4 answers

Error saying "Unable to connect to the server: x509: certificate signed by unknown authority"

Append kubectl get all command with --insecure-skip-tls-verify=true This did ...READ MORE

answered Apr 23 in Kubernetes by Joshua
2,858 views