Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Kubernetes kubeadm join could not find a jws signature in the cluster-info ConfigMap for token ID

While configuring Kubernetes cluster using kubeadm tool and joining Worker nodes into the cluster I receiving below error.

kubeadm join token discovery token ca cert hash preflight kubernetes cluster api server jws signature cluster-info configmap control-plane k8s master node worker node.jpg

Another error: Kubernetes kubeadm join couldn't validate the identity of the API server connection refused

Complete articles:
Configure Nginx Load Balancer for the Kubernetes API Server - Part 1
Install and configure Kubernetes cluster master nodes using kubeadm - Part 2
Install and configure Kubernetes cluster worker nodes using kubeadm - Part 3

root@k8sworker01:~#
root@k8sworker01:~# kubeadm join 192.168.34.60:6443 --token tpxbcw.sk0f43qcxzm5ky61         --discovery-token-ca-cert-hash sha256:031b7d3401ab07e651f93403b5364db16ea323cebf34a7772a473009ac5b1de3
[preflight] Running pre-flight checks
error execution phase preflight: couldn't validate the identity of the API Server: could not find a JWS signature in the cluster-info ConfigMap for token ID "tpxbcw"
To see the stack trace of this error execute with --v=5 or higher
root@k8sworker01:~#

This error occurs due to expired token to join on the Control-Plane Kubernetes cluster. Generally newly created token is valid for 23 hours. You can create new token using below command on any of the Master node in the cluster. It generates join command. 

kubernetes cluster join kubeadm worker node master node token print-join-command token create discovery token ca cert hash pod container deployment.jpg

root@k8smaster01:~#
root@k8smaster01:~# kubeadm token create --print-join-command
kubeadm join 192.168.34.60:6443 --token j1u0qk.u018y1nupk7qxg0x --discovery-token-ca-cert-hash sha256:031b7d3401ab07e651f93403b5364db16ea323cebf34a7772a473009ac5b1de3
root@k8smaster01:~#

Use the newly created join command on worker node and Worker node will be joined into cluster as shown below.

Kubernetes cluster kubeadm join token discovery ca cert hash kubelet-start kubectl get nodes control-plane api server tls bootstrap kube-system kubeadm-config manifesh config.yaml kubelet.jpg

root@k8sworker01:~#
root@k8sworker01:~# kubeadm join 192.168.34.60:6443 --token j1u0qk.u018y1nupk7qxg0x --discovery-token-ca-cert-hash sha256:031b7d3401ab07e651f93403b5364db16ea323cebf34a7772a473009ac5b1de3
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

root@k8sworker01:~#

Useful Articles
How to install kubernetes master control-plane on ubuntu Part 1
How to install kubernetes worker node on ubuntu Part 2
ansible create an array with set_fact
Ansible get information from esxi advanced settings nested dictionary with unique keynames
Install Ansible AWX Tower on Ubuntu Linux
Ansible AWX installation error Cannot have both the docker-py and docker python modules
Ansible AWX installation error docker-compose run --rm --service-ports task awx-manage migrate --no-input

Go Back

 Posted in Devops
  Tags kubernetes k8s kubeadm kubectl

Comment

Blog Search

Page Views

11361296

Archive

Comments

Follow me on Blogarama