Cluster-info ConfigMap does not yet contain a JWS signature

Asking for help? Comment out what you need so we can get more information to help you!

Cluster information:

Kubernetes version: 1.18.12
Cloud being used: bare-metal
Installation method: kubeadm
Host OS: Ubuntu18.04
CNI and version: flannel 0.3.1
CRI and version: Docker 19.3.2

I’ve got an issue joining a master to my HA cluster. This server has been rebuilt due to some other failures and now isn’t joining the cluster

The cluster-info ConfigMap does not yet contain a JWS signature for token ID "b6s9ig", will try again

This is a newly created token and I can see it in the output of kubeadm token list

It seems that new tokens are not being written to the cluster-info configmap. What is the process how this happens? so I can debug further.

In my case I fixed this by deleting the configMap and recreating it

kubectl -n kube-public get cm cluster-info -o yaml > cluster-info.yaml
kubectl -n kube-public delete cm cluster-info
kubectl -n kube-public apply -f cluster-info.yaml

I could then see all the tokens I’ve created today and new tokens were also added

In my case, the problem was that I had configured Kyverno, but I hadn’t got any nodes running Kyverno, so it wasn’t able to validate the update to the ‘cluster-info’ Configmap because of a failing webhook.

I used kubectl get validatingwebhookconfiguration to find the webhooks, then deleted them. Then, kubectl join started to work as expected.