Kubeadm: How to get certificate-key when not save the kubeadm init log

Created on 14 Dec 2019 · 2Comments · Source: kubernetes/kubeadm

I want to join a control-plan when certificate-key not saved.

kubeadm token create --certificate-key xxx --print-join-command
57.290493    5079 validation.go:28] Cannot validate kube-proxy config - no validator is available
W1214 12:44:57.290531    5079 validation.go:28] Cannot validate kubelet config - no validator is available
kubeadm join apiserver.cluster.local:6443 --token l5evt9.83dwwp8jzvyud9w8     --discovery-token-ca-cert-hash sha256:6b2f470e8e7a46f4ae7768bb781fbf71ece0876d10ce54e8c6f6e04dbc9639a7     --control-plane --certificate-key xxx

kubeadm join apiserver.cluster.local:6443 --token l5evt9.83dwwp8jzvyud9w8     --discovery-token-ca-cert-hash sha256:6b2f470e8e7a46f4ae7768bb781fbf7^Cce0876d10ce54e8c6f6e04dbc9639a7     --control-plane --certificate-key xxx
This is a control plan
[preflight] Running pre-flight checks
    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
    [WARNING FileExisting-socat]: socat not found in system path
    [WARNING Hostname]: hostname "izj6c438gvdte4qaqnbrdnz" could not be reached
    [WARNING Hostname]: hostname "izj6c438gvdte4qaqnbrdnz": lookup izj6c438gvdte4qaqnbrdnz on 100.100.2.138:53: no such host
error execution phase preflight: couldn't validate the identity of the API Server: encoding/hex: invalid byte: U+005E '^'

How to get certificate-key

kinsupport

Source

fanux

All 2 comments

[WARNING Hostname]: hostname "izj6c438gvdte4qaqnbrdnz" could not be reached

this can cause you troubles. the hostname must be reachable!
you must be able to look it up from a terminal.

How to get certificate-key

kubeadm init phase upload-certs --upload-certs
this will upload the certificates and generate a new certificate key.
you can also specify a custom one:
https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init-phase/#cmd-phase-upload-certs

closing as not a bug.
/close
/triage support

neolit123 on 14 Dec 2019

👎3 😕1

@neolit123: Closing this issue.

In response to this:

[WARNING Hostname]: hostname "izj6c438gvdte4qaqnbrdnz" could not be reached

this can cause you troubles. the hostname must be reachable!
you must be able to look it up from a terminal.

How to get certificate-key

kubeadm init phase upload-certs
this will upload the certificates and generate a new certificate key.

closing as not a bug.
/close
/triage support

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.