Join worker nodes#
Joining worker nodes is pretty much the exact same process as with k0s in general. You need a join token that enables mutual trust between the worker and controller(s) and which allows the node to join the cluster as worker.
Join Tokens#
To get a token, create a JoinTokenRequest resource:
apiVersion: k0smotron.io/v1beta1
kind: JoinTokenRequest
metadata:
name: my-token
namespace: default
spec:
clusterRef:
name: my-cluster
namespace: default
The JoinTokenRequest resource will be processed by the controller and a Secret will be created:
apiVersion: v1
kind: Secret
metadata:
name: my-token
namespace: default
labels:
k0smotron.io/cluster: my-cluster.default
k0smotron.io/role: worker
k0smotron.io/token-request: my-token
type: Opaque
data:
token: <base64-encoded-token>
The token field contains the base64-encoded token that can be used to join a worker node to the cluster.
To get the decoded token you can use:
kubectl get secret my-token -o jsonpath='{.data.token}' | base64 -d
Join nodes#
First you need to get the k0s binary on the node:
curl -sSLf https://get.k0s.sh | sudo sh
The download script accepts the following environment variables:
| Variable | Purpose |
|---|---|
K0S_VERSION=v{{ no such element: dict object['k8s_version'] }}+k0s.0 |
Select the version of k0s to be installed |
DEBUG=true |
Output commands and their arguments at execution. |
Note: Match the k0s version to the version of the control plane you've created.
To join the worker, run k0s in the worker mode with the join token you created:
sudo k0s install worker --token-file /path/to/token/file
sudo k0s start
Invalidating tokens#
You can limit the validity period by setting the expiry field in the JoinTokenRequest resource:
apiVersion: k0smotron.io/v1beta1
kind: JoinTokenRequest
metadata:
name: my-token
namespace: default
spec:
clusterRef:
name: my-cluster
namespace: default
expiry: 1h
To invalidate an issued token, delete the JoinTokenRequest resource:
kubectl delete jointokenrequest my-token