Notes from day-to-day work on system operations, virtualization and cloud computing, databases, network security, and related topics.


k8s node fails to join the cluster with error: couldn't validate the identity of the API Server


1. The node reported an error when joining the k8s cluster.

[root@centos38 ~]# kubeadm join centos34:6443 --token brilgr.4gtm8kwcgc2kssdl     --discovery-token-ca-cert-hash sha256:6f8c864b3771bda0272e95c7192d6e70ab36a0d97061f902
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.7. Latest validated version: 19.03
error execution phase preflight: couldn't validate the identity of the API Server: expected a 32 byte SHA-256 hash, found 24 bytes
To see the stack trace of this error execute with --v=5 or higher


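After some research, one suggestion was to add the --v=5 or --v=6 flag to the kubeadm join command, or to check the token and see whether it had expired, but expiry was clearly not possible: the master node had been built less than 2 hours earlier.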


2. With no other option left, I looked up the token, then deleted it and created a new one.
[root@centos34 ~]# kubeadm token list


TOKEN                                TTL         EXPIRES                                 USAGES                   DESCRIPTION                                                EXTRA          GROUPS
brilgr.4gtm8kwcgc2kssdl   22h         2021-11-15T16:52:45+08:00   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token
[root@centos34 ~]#

3. Delete the token.

[root@centos34 ~]# kubeadm token delete brilgr.4gtm8kwcgc2kssdl
bootstrap token "brilgr" deleted

4. Create a new one.
[root@centos34 ~]# kubeadm token create --print-join-command
kubeadm join centos34:6443 --token 042axq.l0gpbliny86npy41     --discovery-token-ca-cert-hash sha256:6f8c864b3771bda0272e95c7192d6e70ab36a0d97061f90213788b9438bfbfb5
[root@centos34 ~]#


5. On the node host, join the cluster again.

[root@centos35 ~]# kubeadm join centos34:6443 --token 042axq.l0gpbliny86npy41     --discovery-token-ca-cert-hash sha256:6f8c864b3771bda0272e95c7192d6e70ab36a0d97061f90213788b9438bfbfb5
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.7. Latest validated version: 19.03
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...


This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.


Run 'kubectl get nodes' on the control-plane to see this node join the cluster.



6. Check whether the nodes have joined; testing shows everything is normal.
[root@centos34 ~]# kubectl get nodes
NAME       STATUS   ROLES                  AGE    VERSION
centos34   Ready    control-plane,master   107m   v1.20.9
centos35   Ready    <none>                 32s    v1.20.9
centos38   Ready    <none>                 111s   v1.20.9


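7. Summary:

      Cause: possibly the node host's clock was inaccurate; at first its time zone differed from the master node's, so there was a time difference.

I then ran the kubeadm join command directly, and this odd problem appeared; other nodes could not join either and failed with the same error.

In the end, recreating the token solved the problem.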
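
The error in step 1 reports 24 bytes where 32 are expected, and the hash in that join command is 48 hex characters long, against 64 in the command printed in step 4. The script below is an added example, not part of the original post: it checks a `--discovery-token-ca-cert-hash` value before `kubeadm join` is run and shows how the value can be recomputed from the CA certificate on the control plane. The function names are hypothetical, and `/etc/kubernetes/pki/ca.crt` is kubeadm's default CA path, assumed here because the post does not show it.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a --discovery-token-ca-cert-hash value before
# running kubeadm join. Function names are hypothetical.

# Print the decoded byte length of a "sha256:<hex>" pin; fail on a bad format.
pin_bytes() {
    local pin="$1" hex
    case "$pin" in
        sha256:*) hex="${pin#sha256:}" ;;
        *) echo "pin must start with sha256:" >&2; return 2 ;;
    esac
    case "$hex" in
        ''|*[!0-9a-fA-F]*) echo "pin is not a hex string" >&2; return 2 ;;
    esac
    if [ $(( ${#hex} % 2 )) -ne 0 ]; then
        echo "odd number of hex digits" >&2; return 2
    fi
    echo $(( ${#hex} / 2 ))
}

# Succeed only when the pin decodes to the 32 bytes of a SHA-256 digest.
check_pin() {
    local n
    n="$(pin_bytes "$1")" || return 2
    if [ "$n" -ne 32 ]; then
        echo "expected a 32 byte SHA-256 hash, found $n bytes" >&2
        return 1
    fi
}

# Recompute the pin on the control plane: SHA-256 over the DER-encoded public
# key of the cluster CA. The default path is kubeadm's usual CA location
# (an assumption; the post does not show it).
ca_pin() {
    local cert="${1:-/etc/kubernetes/pki/ca.crt}"
    printf 'sha256:%s\n' "$(openssl x509 -pubkey -noout -in "$cert" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}')"
}

# The two hash values exactly as they appear in the post's join commands.
FAILED_PIN='sha256:6f8c864b3771bda0272e95c7192d6e70ab36a0d97061f902'
WORKING_PIN='sha256:6f8c864b3771bda0272e95c7192d6e70ab36a0d97061f90213788b9438bfbfb5'

if [ "${1:-}" = "--demo" ]; then
    check_pin "$FAILED_PIN" || echo "first command: pin rejected"
    check_pin "$WORKING_PIN" && echo "second command: pin accepted"
fi
```

Comparing the output of `ca_pin` on the control plane with the value pasted on the worker confirms that the worker is pinning the right CA key before it trusts the API server.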



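Please credit the source when reposting: [k8s node fails to join the cluster with error: couldn't validate the identity of the API Server].

www.micoder.cc: virtualization and cloud computing, system operations, and security technology services.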
