To join a worker node (e.g., main02) to your Kubernetes cluster, you need to use the kubeadm join command. This command was generated when you initialized the control-plane node (master-node). If you don’t have the command anymore, you can regenerate it.
Here’s how to join the worker node to the cluster:
Step 1: Prepare the Worker Node
Ensure the worker node (main02) meets the following requirements:
- Same Kubernetes Version: Install the same version of kubeadm, kubelet, and kubectl as the control-plane node.
- Container Runtime: Install and configure containerd or docker.
- Disable Swap: Disable swap on the worker node:
sudo swapoff -a
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
Step 2: Get the Join Command
If you still have the kubeadm join command from when you initialized the control-plane node, skip to Step 3. Otherwise, regenerate the join command on the control-plane node (master-node):
Option 1: Regenerate the Join Command
Run the following command on the control-plane node:
kubeadm token create --print-join-command
Example Output:
kubeadm join 203.0.113.10:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Option 2: Use an Existing Token
If you already have a token, you can generate the --discovery-token-ca-cert-hash value manually:
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
Combine the token and hash to form the kubeadm join command:
kubeadm join <control-plane-ip>:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>
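A pre-flight check for the join command, added here as an example (it is not part of the original page): it recomputes the CA pin from ca.crt and confirms that the command carries a well-formed token and the same pin. The function names ca_pin, join_field and check_join are hypothetical, and openssl pkey replaces openssl rsa so that the pin can also be computed for non-RSA CA keys.

```shell
#!/bin/sh
# Added example, not the page's own code. Function names are hypothetical.

# ca_pin CERT: print "sha256:<hex>", the SHA-256 of the CA certificate's
# DER-encoded public key. "openssl pkey" also handles non-RSA CA keys.
ca_pin() (
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    [ -n "$pub" ] || exit 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform der 2>/dev/null |
          openssl dgst -sha256 -hex | sed 's/^.* //')
    echo "sha256:$hex"
)

# join_field JOIN_CMD FLAG: print the value that follows FLAG on the same line.
join_field() {
    printf '%s\n' "$1" | awk -v flag="$2" '
        { for (i = 1; i < NF; i++) if ($i == flag) { print $(i + 1); exit } }'
}

# check_join JOIN_CMD EXPECTED_PIN: return 0 only if the command has a
# well-formed bootstrap token and its CA pin equals EXPECTED_PIN.
# Exit codes: 2 = bad token, 3 = pin missing/malformed, 4 = pin mismatch.
check_join() (
    token=$(join_field "$1" --token)
    pin=$(join_field "$1" --discovery-token-ca-cert-hash)
    printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
        { echo "malformed or missing token" >&2; exit 2; }
    printf '%s\n' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$' ||
        { echo "CA pin missing or malformed (discovery would be unpinned)" >&2; exit 3; }
    [ "$pin" = "$2" ] ||
        { echo "CA pin mismatch: command has $pin, expected $2" >&2; exit 4; }
)

# Usage with the page's paths (JOIN_CMD holds the full join command text):
#   pin=$(ca_pin /etc/kubernetes/pki/ca.crt)     # on the control-plane node
#   check_join "$JOIN_CMD" "$pin" && echo "join command matches this CA"
```

The join command contains a bootstrap token that lets a machine register as a node, so handle it as a secret until the token expires.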
Step 3: Run the Join Command on the Worker Node
On the worker node (main02), run the kubeadm join command you obtained in Step 2:
sudo kubeadm join 203.0.113.10:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Step 4: Verify the Worker Node
After the worker node joins the cluster, verify its status from the control-plane node:
kubectl get nodes
Expected Output:
NAME          STATUS   ROLES           AGE   VERSION
master-node   Ready    control-plane   10m   v1.29.0
main02        Ready    <none>          1m    v1.29.0
Step 5: Assign a Role to the Worker Node
By default, the worker node has no role. Assign the worker role for clarity:
kubectl label node main02 node-role.kubernetes.io/worker=worker
Verify the roles:
kubectl get nodes
Expected Output:
NAME          STATUS   ROLES           AGE   VERSION
master-node   Ready    control-plane   10m   v1.29.0
main02        Ready    worker          1m    v1.29.0
Troubleshooting
If the worker node fails to join:
- Check Logs:
  - On the worker node, check the kubelet logs:
    sudo journalctl -u kubelet -n 100 --no-pager
  - On the control-plane node, check the kube-apiserver logs:
    sudo journalctl -u kubelet -n 100 --no-pager | grep kube-apiserver
- Firewall Rules:
  - Ensure the following ports are open between the control-plane and worker nodes:
    - Control-Plane: 6443 (API server), 2379-2380 (etcd), 10250-10252 (kubelet).
    - Worker Node: 10250 (kubelet), 30000-32767 (NodePort range).
- Token Expiry:
  - If the token has expired, generate a new one:
    kubeadm token create --print-join-command
Final Notes
- Ensure the worker node has the same Kubernetes version as the control-plane node.
- If you’re using a CNI plugin (e.g., Calico, Flannel), ensure it’s installed and functioning on the worker node.
- For production clusters, consider using multiple worker nodes for high availability.
Let me know if you need further assistance! 🚀