Joining a new master node to a Kubernetes cluster after the initial certs aren't in the config map any more (via kubeadm)

2022-05-04

Upload the certificates to the config map and get the key hash.

kubeadm init phase upload-certs --upload-certs

Output should look like:

[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
<hash>

kubeadm token create --print-join-command

The output will be like this:

kubeadm join <cluster_ip>:6443 --token <token_id> --discovery-token-ca-cert-hash sha256:<hash>

Take that output and add the following parameters.

--control-plane --certificate-key <Hash from Step 1>

If you are running Kuberentes 1.24 or just not using Docker you may need to add a command to use your CRI. This is for containerd:

--cri-socket unix:///run/containerd/containerd.sock