Virtual Geek

Tales from real IT system administrators world and non-production environment

Kubernetes kubeadm join could not find a jws signature in the cluster-info ConfigMap for token ID

While configuring Kubernetes cluster using kubeadm tool and joining Worker nodes into the cluster I receiving below error.

kubeadm join token discovery token ca cert hash preflight kubernetes cluster api server jws signature cluster-info configmap control-plane k8s master node worker node.jpg

Another error: Kubernetes kubeadm join couldn't validate the identity of the API server connection refused

Complete articles:
Configure Nginx Load Balancer for the Kubernetes API Server - Part 1
Install and configure Kubernetes cluster master nodes using kubeadm - Part 2
Install and configure Kubernetes cluster worker nodes using kubeadm - Part 3

root@k8sworker01:~# kubeadm join --token tpxbcw.sk0f43qcxzm5ky61         --discovery-token-ca-cert-hash sha256:031b7d3401ab07e651f93403b5364db16ea323cebf34a7772a473009ac5b1de3
[preflight] Running pre-flight checks
error execution phase preflight: couldn't validate the identity of the API Server: could not find a JWS signature in the cluster-info ConfigMap for token ID "tpxbcw"
To see the stack trace of this error execute with --v=5 or higher

This error occurs due to expired token to join on the Control-Plane Kubernetes cluster. Generally newly created token is valid for 23 hours. You can create new token using below command on any of the Master node in the cluster. It generates join command. 

kubernetes cluster join kubeadm worker node master node token print-join-command token create discovery token ca cert hash pod container deployment.jpg

root@k8smaster01:~# kubeadm token create --print-join-command
kubeadm join --token j1u0qk.u018y1nupk7qxg0x --discovery-token-ca-cert-hash sha256:031b7d3401ab07e651f93403b5364db16ea323cebf34a7772a473009ac5b1de3

Use the newly created join command on worker node and Worker node will be joined into cluster as shown below.

Kubernetes cluster kubeadm join token discovery ca cert hash kubelet-start kubectl get nodes control-plane api server tls bootstrap kube-system kubeadm-config manifesh config.yaml kubelet.jpg

root@k8sworker01:~# kubeadm join --token j1u0qk.u018y1nupk7qxg0x --discovery-token-ca-cert-hash sha256:031b7d3401ab07e651f93403b5364db16ea323cebf34a7772a473009ac5b1de3
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.


Useful Articles
How to install kubernetes master control-plane on ubuntu Part 1
How to install kubernetes worker node on ubuntu Part 2
ansible create an array with set_fact
Ansible get information from esxi advanced settings nested dictionary with unique keynames
Install Ansible AWX Tower on Ubuntu Linux
Ansible AWX installation error Cannot have both the docker-py and docker python modules
Ansible AWX installation error docker-compose run --rm --service-ports task awx-manage migrate --no-input

Go Back


Blog Search

Page Views


Follow me on Blogarama