$ kubeadm join --discovery-token-unsafe-skip-ca-verification --token ***************** --node-name kube-node013 myk8s.cluster.com:6443
...
"I0129 14:05:18.090145 24010 kernel_validator.go:81] Validating kernel version",
"I0129 14:05:18.090274 24010 kernel_validator.go:96] Validating kernel config",
"\t[WARNING SystemVerification]: docker version is greater than the most recently validated version. Docker version: 17.12.1-ce. Max validated version: 17.03",
"\t[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'",
"configmaps \"kubelet-config-1.11\" is forbidden: User \"system:bootstrap\" cannot get configmaps in the namespace \"kube-system\""
# --> kubelet-config-1.11(dynamic config를 위해 준비한 kubelet config)
# role, rolebinding만들어줌
cat <<EOF > kubelet-bootsrap-role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: kube-system
name: kubelet-bootstrap
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps"]
verbs: ["get", "watch", "list"]
cat <<EOF > kubelet-bootstrap-rolebinding.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kubeadm:kubelet-bootstrap
namespace: kube-system
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:bootstrappers:kubeadm:default-node-token
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubelet-bootstrap
# role, rolebinding 생성
$ kubectl apply -f kubelet-bootstrap-role.yaml
$ kubectl apply -f kubelet-bootstrap-rolebinding.yaml
