When a worker node joins the cluster, it fails with a certificate-expired error. The full error is:
error execution phase preflight: couldn't validate the identity of the API Server: Get https://10.10.10.10:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s: x509: certificate has expired or is not yet valid
To see the stack trace of this error execute with --v=5 or higher
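There are two possible causes:
1. Incorrect time
A wrong local clock also produces the certificate-expired error. Check whether the local time is correct; the command to synchronize the time is: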
ntpdate ntp1.aliyun.com
2. Expired token
On the master node, regenerate the token and the hash:
kubeadm token create
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
On the worker node, run kubeadm join again (replace the token and sha256 in the command with your own values):
kubeadm join 10.10.10.10:6443 --token fzv2cb.cdlgd2b4yivwpued --discovery-token-ca-cert-hash sha256:d537f87c47c9015fea3a708571dbdc5c27d921ef3e826ff67dbc0ed6d49280e4
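The following is an added example, not code from the original post: it shows what the openssl pipeline above hashes (the DER-encoded SubjectPublicKeyInfo of the CA certificate) and how the same certificate reads as not yet valid, valid or expired depending on the local clock. The function names and SAMPLE_CA are hypothetical; SAMPLE_CA is a constructed, unsigned certificate skeleton, not a real cluster CA.

```python
import hashlib
from datetime import datetime, timezone

def tlv(tag, body):
    """Encode one DER element (only used to build the constructed sample below)."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + body

def children(der):
    """Split DER content into (tag, whole_element, body) triples."""
    out, i = [], 0
    while i < len(der):
        tag, n, j = der[i], der[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, j = int.from_bytes(der[j:j + k], "big"), j + k
        out.append((tag, der[i:j + n], der[j:j + n]))
        i = j + n
    return out

def parse_time(tag, body):
    s = body.decode("ascii")
    if tag == 0x17:  # UTCTime has a two-digit year; RFC 5280 pivots at 50
        s = ("20" if int(s[:2]) < 50 else "19") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def inspect_ca(cert_der, now):
    """Return (ca_cert_hash, state) for a DER certificate at clock reading `now`."""
    tbs = children(children(children(cert_der)[0][2])[0][2])
    if tbs[0][0] == 0xA0:  # drop the optional [0] version field
        tbs = tbs[1:]
    validity, spki = tbs[3], tbs[5]  # validity follows issuer; SPKI follows subject
    not_before, not_after = (parse_time(t, b) for t, _, b in children(validity[2]))
    pin = "sha256:" + hashlib.sha256(spki[1]).hexdigest()  # hash covers the whole SPKI element
    state = "not-yet-valid" if now < not_before else "expired" if now > not_after else "valid"
    return pin, state

# Constructed sample: an unsigned certificate skeleton with all-zero key bits, not a real CA.
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
SPKI = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
           + tlv(0x03, b"\x00" + bytes(270)))
VALIDITY = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"340101000000Z"))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + ALG
          + tlv(0x30, b"") + VALIDITY + tlv(0x30, b"") + SPKI)
SAMPLE_CA = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + bytes(256)))

if __name__ == "__main__":
    for year in (2020, 2025, 2035):  # simulate a slow, correct and fast local clock
        print(year, *inspect_ca(SAMPLE_CA, datetime(year, 6, 1, tzinfo=timezone.utc)))
```

To run it against a real PEM file, convert the file contents with ssl.PEM_cert_to_DER_cert() from the standard library and pass datetime.now(timezone.utc) as the clock reading.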