Asking for help? Comment out what you need so we can get more information to help you!
Cluster information:
Kubernetes version: 1.18.12
Cloud being used: bare-metal
Installation method: kubeadm
Host OS: Ubuntu18.04
CNI and version: flannel 0.3.1
CRI and version: Docker 19.3.2
I’ve got an issue joining a master to my HA cluster. This server has been rebuilt due to some other failures and now isn’t joining the cluster
The cluster-info ConfigMap does not yet contain a JWS signature for token ID "b6s9ig", will try again
This is a newly created token and I can see it in the output of kubeadm token list
It seems that new tokens are not being written to the cluster-info configmap. What is the process how this happens? so I can debug further.
In my case I fixed this by deleting the configMap and recreating it
kubectl -n kube-public get cm cluster-info -o yaml > cluster-info.yaml
kubectl -n kube-public delete cm cluster-info
kubectl -n kube-public apply -f cluster-info.yaml
I could then see all the tokens I’ve created today and new tokens were also added
In my case, the problem was that I had configured Kyverno, but I hadn’t got any nodes running Kyverno, so it wasn’t able to validate the update to the ‘cluster-info’ Configmap because of a failing webhook.
I used kubectl get validatingwebhookconfiguration
to find the webhooks, then deleted them. Then, kubectl join
started to work as expected.
ITNOA
Maybe your problem, is from token timed out.
If you want to sure this problem exist you can run below command
kubeadm token list
If above command does not show anything, your problem is token is timed out.
for resolve your problem, you can do below
kubeadm token create
If you run kubeadm token list
again you can see below result
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
70jkdh.gx9oiqd7jno56nou 23h 2021-10-25T19:52:59Z authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
As you can see this token has TTL, so after 23h this token was expired.
So before the TTL has comes, you can join another node with result token of above command.
You can see my answer from stackoverflow
4 Likes
Hello gays, I’ve the same issue and I solve it thanks soroshsabz’s answer.
Indeed, there was no token.
Below is what I did in the node-master:
kubeadm token list
kubeadm token create
kubeadm token list
And I have a new token:
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
gq0ko1.c89vhnvlv732rggo 23h 2024-03-22T13:19:49Z authentication,signing <none> system:bootstrappers:kubeadm:default-node-token