Can't find kubeadm token after initializing master

Question

When i run kubeadm init it shows a token that I should use from the other hosts to connect to this host. Where is that token stored? I'm trying to figure out more ways to automate this by adding kubeadm inside of Terraform.

Thanks for any help!

you can generate token and use it for init command. 'kubeadm token generate' then use '/usr/bin/kubeadm init --token ' — sfgroups, Jun 05 '17 at 12:13

score 60 · Answer 1 · edited Feb 13 '18 at 16:40

60

The instruction for Kubernetes 1.9.x (and above) can be found here.

The commands I used are:

kubeadm token generate
kubeadm token create <generated-token> --print-join-command --ttl=0

edited Feb 13 '18 at 16:40

errordeveloper

6,716
6
41
54

answered Feb 08 '18 at 17:13

Chris Fregly

1,490
1
12
8

4

Note that it's safer to set TTL (or omit the -ttl flag to set default 24h TTL). – Mika Vatanen Jun 09 '18 at 10:05
after k8s 1.25, the output of "kubeadm token create --print-join-command --ttl=0" is not enough. you also need to specify "--cri-socket [socket]". see https://kubernetes.io/docs/setup/production-environment/container-runtimes/ – JengdiB Dec 08 '22 at 03:54

score 23 · Answer 2 · answered Jun 05 '17 at 12:10

23

Run this command in the master node to get the token

kubeadm token list

answered Jun 05 '17 at 12:10

sfgroups

18,151
28
132
204

score 8 · Accepted Answer · answered Oct 13 '16 at 04:33

8

--token

By default, kubeadm init automatically generates the token used to initialise each new node. If you would like to manually specify this token, you can use the --token flag. The token must be of the format ‘<6 character string>.<16 character string>’.

you can see token value on master node using command:

cat /etc/kubernetes/pki/tokens.csv

answered Oct 13 '16 at 04:33

pl_rock

14,054
3
30
33

Thanks! Yeah, just after I posted this I re-read the guide and this time noticed the `--token` flag. That will work for this solution. I though I had checked that `tokens.csv` file but upon re-inspection you are right! Thank you! – vallard Oct 13 '16 at 04:49
1

Can't verify that. The files contains a string, but nothing there is in token format. – erikbstack Apr 04 '17 at 12:33
1

Show master token: 'kubeadm token list' – Joshua Mar 11 '19 at 03:04
7

there isnt such a file – Efrat Levitan Dec 05 '19 at 20:39

score 4 · Answer 4 · answered Mar 07 '17 at 20:24

4

kubectl -n kube-system get secret clusterinfo -o yaml | grep token-map | awk '{print $2}' | base64 -d | sed "s|{||g;s|}||g;s|:|.|g;s/\"//g;" | xargs echo

answered Mar 07 '17 at 20:24

feisan

192
6

This should be the solution. But instead of the sed block I'd write `awk -F\" '{print $2 "." $4}'`because it's a little more readable. – erikbstack Apr 04 '17 at 12:41
what is clusterinfo. how can i find that, because i am seeing an error that says "secrets" clusterinfo is not found. – sbolla Dec 22 '17 at 11:35
4

same here v1.8.5 - no clusterinfo secret – Gal Nitzan Dec 23 '17 at 14:47
`sudo kubeadm token list | awk 'NR == 2 {print $1}'` – Herve Meftah Jul 05 '19 at 09:14

score 3 · Answer 5 · edited Aug 03 '19 at 22:04

3

Try to create new as per below command as initial token is valid only 24 hours.

kubeadm token create  --ttl=0

Here ttl=0 means, generated token will never expire.

Then join node as per below command:

kubeadm join <generated_token>

If you get any error for verifying ca hash, then join as per below:

kubeadm join <generated_token> --discovery-token-unsafe-skip-ca-verification

edited Aug 03 '19 at 22:04

David Maze

130,717
29
175
215

answered Dec 03 '18 at 02:53

k''

702
1
8
19

score 2 · Answer 6 · edited Sep 10 '19 at 05:25

2

Best way to avoid creating new token is -

kubeadm token list
kubeadm token create <copied token from previous command output>** --print-join-command

you will get JOIN command to run on any physical/vitual machine to join kubernetes cluster....

edited Sep 10 '19 at 05:25

Ali Tou

2,009
2
18
33

answered Mar 13 '19 at 14:21

Abhishek Jain

3,815
2
26
26

3

False. This will error with "a token with id 'xxxx' already exists" – Brad Solomon Apr 21 '21 at 23:13

score -2 · Answer 7 · edited Sep 26 '19 at 17:42

-2

Use this command : $ sudo kubeadm token list

Still, if you did not get, use following commands

$ sudo kubeadm reset
$ sudo kubeadm init

edited Sep 26 '19 at 17:42

Juan Caicedo

1,425
18
31

answered Sep 26 '19 at 16:00

Srininvasa Chary

23
2

1

No... If you don't see any available token, maybe it's timed out. Create another one, not resetting the whole cluster. Create token with `kubeadm token create --print-join-command`. – Lam Le Feb 24 '21 at 04:56
Seriously - I cannot believe "reset if it does not work" is even an answer. – ad22 Apr 09 '21 at 18:42

Can't find kubeadm token after initializing master

7 Answers7