一、删除node节点
[root@master69 kubernetes]# kubectl get nodes NAME STATUS ROLES AGE VERSION master69 NotReady master 47h v1.18.5 redis-01.hlqxt NotReady <none> 46h v1.18.5 [root@master69 kubernetes]# kubectl delete node redis-01.hlqxt node "redis-01.hlqxt" deleted
二、在node节点执行kubeadm reset
[root@redis-01 flannel]# kubeadm reset [reset] Reading configuration from the cluster... [reset] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml' W0111 16:32:16.985116 11098 reset.go:99] [reset] Unable to fetch the kubeadm-config ConfigMap from cluster: failed to get node registration: failed to get corresponding node: nodes "redis-01.hlqxt" not found [reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted. [reset] Are you sure you want to proceed? [y/N]: y [preflight] Running pre-flight checks W0111 16:32:18.814716 11098 removeetcdmember.go:79] [reset] No kubeadm config, using etcd pod spec to get data directory [reset] No etcd config found. Assuming external etcd [reset] Please, manually reset etcd to prevent further issues [reset] Stopping the kubelet service [reset] Unmounting mounted directories in "/var/lib/kubelet" [reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki] [reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf] [reset] Deleting contents of stateful directories: [/var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni] The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d The reset process does not reset or clean up iptables rules or IPVS tables. If you wish to reset iptables, you must do so manually by using the "iptables" command. If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar) to reset your system's IPVS tables. The reset process does not clean your kubeconfig files and you must remove them manually. Please, check the contents of the $HOME/.kube/config file. [root@redis-01 flannel]#
systemctl stop kubelet systemctl stop docker rm -rf /var/lib/cni/ rm -rf /var/lib/kubelet/* rm -rf /etc/cni/
ifconfig cni0 down
ifconfig flannel.1 down
ip link delete cni0
ip link delete flannel.1
##重启kubelet
systemctl restart kubelet
##重启docker
systemctl restart docker
三、node节点执行kubeadm join 重新加入
执行之前,现在master节点上是否还有有效的token
[root@master69 kubernetes]# kubeadm token list
[root@master69 kubernetes]#
没有有效的token,token有效期为24小时
在master节点上创建一个token
[root@master69 kubernetes]# kubeadm token create W0111 16:34:42.278107 12805 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io] 9d04vy.kglqq0l7i5jo90e4
获取CA证书公钥的hash值
[root@master69 kubernetes]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^ .* //' (stdin)= 6010baa60fc234e60cb353a54b4179afd3205cd6b4fc15f415117a77b6d8ac07
再利用新的token和公钥hash,在node节点上执行加入节点命令
[root@redis-01 flannel]# kubeadm join 172.28.18.69:6443 --token 9d04vy.kglqq0l7i5jo90e4 --discovery-token-ca-cert-hash sha256:6010baa60fc234e60cb353a54b4179afd3205cd6b4fc15f415117a77b6d8ac07 W0111 16:36:52.261975 11945 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set. [preflight] Running pre-flight checks [preflight] Reading configuration from the cluster... [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml' [kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.18" ConfigMap in the kube-system namespace [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [kubelet-start] Starting the kubelet [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap... This node has joined the cluster: * Certificate signing request was sent to apiserver and a response was received. * The Kubelet was informed of the new secure connection details. Run 'kubectl get nodes' on the control-plane to see this node join the cluster. [root@redis-01 flannel]#
在master节点查询node
[root@master69 kubernetes]# kubectl get nodes NAME STATUS ROLES AGE VERSION master69 NotReady master 47h v1.18.5 redis-01.hlqxt Ready <none> 4m3s v1.18.5
node节点已加入