Kubernetes node join workflow
The Kubernetes node join workflow is the process of adding new worker or control-plane nodes to an existing cluster.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md]
Prerequisites
Before a node can join the cluster, the target machine must have the Kubernetes packages installed and the host environment configured.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md] This includes ensuring kubelet, kubeadm, and kubectl are installed and that the kubelet service is running.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md] Additionally, system settings such as disabling swap and configuring the Container Network Interface (CNI) bridge settings (e.g., net.bridge.bridge-nf-call-iptables) must be verified.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md]
Network firewall rules must also be configured to allow communication between the master and worker nodes.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md] The container runtime (e.g., Docker) must be configured with the correct Cgroup driver (typically systemd) to match the Kubernetes configuration.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md]
Generating the join command
The join process is initiated on the control-plane node (master). The administrator uses kubeadm to generate a bootstrap command that securely embeds the necessary credentials and endpoint information.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md]
The command to generate the join instructions is:
kubeadm token create --print-join-command
The output of this command provides the complete kubeadm join string required to add a node to the cluster.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md]
Joining the node
Once the command is generated, it must be executed on the target node with root privileges.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md]
The standard syntax for the join command is:
kubeadm join <control-plane-host>:<port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>
- <control-plane-host>:<port>: The address of the API server, often defined by the cluster-endpoint during initialization.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md]
- --token: A bootstrap token used for authentication.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md]
- --discovery-token-ca-cert-hash: A hash of the CA certificate to validate the connection to the control plane (preventing Man-in-the-Middle attacks).^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md]
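A pre-flight check for the join string described above, as an added example that is not part of the original page or of kubeadm itself: it rejects a join command that disables CA verification or lacks a well-formed token and CA pin, and can compare the pin against one recomputed from a trusted copy of the cluster CA certificate. The function names and the sample address, token and hash are constructed for illustration; `ca_pin` assumes `openssl` is installed and that the flags are given in the space-separated form shown above.

```shell
#!/bin/sh
# Added example: vet a kubeadm join string before running it as root.
# Function names are hypothetical; SAMPLE_JOIN is constructed, not from a real cluster.

# Print the value that follows flag $1 in the single-line join command $2.
flag_value() {
  printf '%s\n' "$2" |
    awk -v f="$1" '{ for (i = 1; i < NF; i++) if ($i == f) { print $(i + 1); exit } }'
}

# Return 0 only if the join string carries a well-formed token and CA pin.
check_join_cmd() {
  case "$1" in
    *--discovery-token-unsafe-skip-ca-verification*)
      echo "REJECT: CA verification is disabled" >&2; return 1 ;;
  esac
  flag_value --token "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
    { echo "REJECT: missing or malformed bootstrap token" >&2; return 1; }
  flag_value --discovery-token-ca-cert-hash "$1" | grep -Eq '^sha256:[0-9a-f]{64}$' ||
    { echo "REJECT: missing or malformed CA pin" >&2; return 1; }
  return 0
}

# Recompute the pin from CA certificate file $1: SHA-256 over the
# DER-encoded public key (SubjectPublicKeyInfo). Requires openssl.
ca_pin() {
  [ -r "$1" ] || return 1
  openssl x509 -in "$1" -pubkey -noout |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 | awk '{ print "sha256:" $NF }'
}

# True when the pin in join string $1 equals the pin of trusted CA file $2
# (on a kubeadm control plane the CA is normally /etc/kubernetes/pki/ca.crt).
pin_matches_ca() {
  pin=$(flag_value --discovery-token-ca-cert-hash "$1")
  [ -n "$pin" ] && [ "$pin" = "$(ca_pin "$2")" ]
}

# Constructed sample join string (documentation address, made-up token and hash).
SAMPLE_JOIN='kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'
check_join_cmd "$SAMPLE_JOIN" && echo "OK: join string pins the cluster CA"
```

Run `pin_matches_ca "<join string>" <path to trusted CA copy>` when the join string reached the node over a channel that is not itself trusted, such as chat or e-mail.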
Verification
After the join command completes, the status of the node can be verified from the master node using kubectl.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md]
For example, to list all nodes:
kubectl get nodes
Initially, a new node may appear in a NotReady state.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md] The node typically transitions to Ready only after the [[Cluster Networking|CNI plugin]] (e.g., Flannel) is successfully deployed and operational on the node.^[400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md]
Related Concepts
- [[kubeadm]]
- [[Cluster Networking]]
- [[Bootstrap token]]
Sources
- 400-devops-06-kubernetes-k8s-learning-00install-01-kubernetes.md