Kubernetes: How do I find the join command for kubeadm on the master?

5fjcxozz  posted on 2022-12-11  in Kubernetes

I lost the original 'kubeadm join' command from when I previously ran kubeadm init.
How can I retrieve this value again?


fcwjkofz1#

kubeadm token create --print-join-command

h4cxqtbf2#

To print the join command for a *new worker node*, use:

  • kubeadm token create --print-join-command

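But if you need to join a *new control plane node*, you need to recreate a new key for the control plane join command.

1. Re-upload the certificates on the already working master node with kubeadm init phase upload-certs --upload-certs. This will generate a new certificate key.
2. Print the join command on the already working master node with kubeadm token create --print-join-command.
3. Join the new control plane node with $JOIN_COMMAND_FROM_STEP2 --control-plane --certificate-key $KEY_FROM_STEP1.

This might not work for older Kubernetes versions, but I tried it with a new version and it worked for me.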


rvpgvaaj3#

To create the kubeadm join command, please run the following commands:

Step 1 - Retrieve Token CA Hash:

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt \
    | openssl rsa -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex \
    | sed 's/^.* //'

This command will provide you with the public key.

Step 2 - Retrieve bootstrap Tokens:

kubeadm token list

This will print all tokens, so copy the token value under TOKEN with the description "The default bootstrap token generated by 'kubeadm init'."

Step 3 - Create kubeadm init command:

Now use the following syntax to create the join command without creating a new token:

kubeadm join <ip-address>:6443 \
    --token=<token-from-step-2> \
    --discovery-token-ca-cert-hash sha256:<ca-hash-from-step-1>

The kubeadm token create command creates a new token, in this case without any description, so in order not to create any additional tokens, just pick the token which has the DESCRIPTION mentioned in Step 2.


wh6knrhe4#

Run the following command on the master node machine.

kubeadm token create --print-join-command

This command generates a new token together with the join command, which you can use on the worker nodes to join the cluster.


bogh5gae5#

Building on @Abhishek Jain's answer, here is a script that prints the kubeadm join command with the help of jq:

# get the join command from the kube master
CERT_HASH=$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt \
| openssl rsa -pubin -outform der 2>/dev/null \
| openssl dgst -sha256 -hex \
| sed 's/^.* //')
TOKEN=$(kubeadm token list -o json | jq -r '.token' | head -1)
IP=$(kubectl get nodes -lnode-role.kubernetes.io/master -o json \
| jq -r '.items[0].status.addresses[] | select(.type=="InternalIP") | .address')
PORT=6443
echo "sudo kubeadm join $IP:$PORT \
--token=$TOKEN --discovery-token-ca-cert-hash sha256:$CERT_HASH"

8fsztsew6#

If you are joining control plane nodes, you will need a certificate key in the command too:

kubeadm token create \
--print-join-command \
--certificate-key \
$(kubeadm alpha certs certificate-key)

The kubeadm alpha certs certificate-key command will generate a new certificate key on demand as per the documentation here.
To join a worker node, the command kubeadm token create --print-join-command given in the accepted answer is sufficient.


a14dhokn7#

Here is a bash script that automates this task:

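# Ask for the control-plane address to put in the join command
read -r -p 'master ip address : ' ipaddr
# SHA-256 of the CA public key, used for --discovery-token-ca-cert-hash
sha_token="$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //')"
# First listed token (line 2 of the output; line 1 is the header row)
token="$(kubeadm token list | awk '{print $1}' | sed -n '2 p')"
echo "kubeadm join $ipaddr:6443 --token=$token --discovery-token-ca-cert-hash sha256:$sha_token"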
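
Answers #3, #5 and #7 assemble the join command from an openssl pipeline and the output of kubeadm token list. The script below is an added example, not code from any answer in this thread: it checks the token and the CA hash before printing the command, because with 2>/dev/null a failed pipeline stage (for example an unreadable ca.crt) still yields a plausible-looking hash, the SHA-256 of empty input. The function names and the 192.0.2.10 endpoint are assumptions, and openssl pkey is used here in place of openssl rsa.

```bash
#!/usr/bin/env bash
# Added example, not from the thread; function names are hypothetical.

# SHA-256 of empty input: what the thread's pipeline prints when an earlier
# stage fails and 2>/dev/null hides the error.
EMPTY_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

# Bootstrap tokens have the form [a-z0-9]{6}.[a-z0-9]{16} (23 characters).
valid_token() {
  [ "${#1}" -eq 23 ] &&
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# A usable CA hash is 64 lowercase hex digits and not the empty-input digest.
valid_hash() {
  [ "${#1}" -eq 64 ] && [ "$1" != "$EMPTY_SHA256" ] &&
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[0-9a-f]{64}$'
}

# Hash the CA's DER-encoded public key. Assumption: "openssl pkey" replaces
# the thread's "openssl rsa" so that non-RSA CA keys are handled as well.
ca_cert_hash() {
  local cert="$1" digest
  [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
  digest=$(openssl x509 -pubkey -noout -in "$cert" \
    | openssl pkey -pubin -outform der \
    | openssl dgst -sha256 -hex | sed 's/^.* //')
  valid_hash "$digest" || { echo "no usable hash from $cert" >&2; return 1; }
  printf '%s\n' "$digest"
}

# Print a worker join command only when every part is well formed.
# The token is never echoed in error messages.
join_command() {
  local endpoint="$1" token="$2" digest="$3"
  valid_token "$token" || { echo "malformed bootstrap token" >&2; return 1; }
  valid_hash "$digest" || { echo "unusable CA hash" >&2; return 1; }
  printf 'kubeadm join %s --token %s --discovery-token-ca-cert-hash sha256:%s\n' \
    "$endpoint" "$token" "$digest"
}

# Usage on a control-plane node (the endpoint is a constructed placeholder):
#   join_command 192.0.2.10:6443 "$TOKEN" "$(ca_cert_hash /etc/kubernetes/pki/ca.crt)"
```

A token scraped from the header row of kubeadm token list (the literal word TOKEN) or an empty value is rejected here instead of ending up in a command that fails later on the joining node.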
