[K8S]unable to fetch the kubeadm-config ConfigMap: failed to get config map: UnauthorizedTo see the stack trace of this error execute with --v=5 or higher 에러

 

만약 kubeadm을 통해 master에 node join을 시도할 경우 아래와 같이 오류가 난다면

ubuntu@node:~$ sudo kubeadm join 192.168.241.92:6443 --token 4rlhh1.4dehcs172qy9enyj --discovery-token-ca-cert-hash sha256:b5347bb4959f63e6100142700db4b7d69ea0d860c332265a1748cef29698f814
[preflight] Running pre-flight checks
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
error execution phase preflight: unable to fetch the kubeadm-config ConfigMap: failed to get config map: Unauthorized
To see the stack trace of this error execute with --v=5 or higher

 

 master의 token이 expire되었을 가능성이 높다.

ubuntu@master:~$ sudo kubeadm token list
[sudo] password for ubuntu: 
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
4rlhh1.4dehcs172qy9enyj   <invalid>   2021-03-08T04:42:08Z   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token

 

TTL이 invalid 되어있는 것을 확인 가능하다.

token을 새롭게 발행하자.

ubuntu@master:~$ sudo kubeadm token create
qigsyn.hkxhfwyks4sohiem

 

list를 확인해 보면 23시간동안 token사용 가능함을 확인 할 수 있다.

ubuntu@master:~$ sudo kubeadm token list
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
4rlhh1.4dehcs172qy9enyj   <invalid>   2021-03-08T04:42:08Z   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token
qigsyn.hkxhfwyks4sohiem   23h         2021-03-09T12:49:20Z   authentication,signing   <none>                                                     system:bootstrappers:kubeadm:default-node-token

 

node에서 token을 변경해서 다시 join을 해주자. 아래와 같이 로그가 나오면 성공한 것이다.

ubuntu@node:~$ sudo kubeadm join 192.168.241.92:6443 --token qigsyn.hkxhfwyks4sohiem --discovery-token-ca-cert-hash sha256:b5347bb4959f63e6100142700db4b7d69ea0d860c332265a1748cef29698f814
[preflight] Running pre-flight checks
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.