今天上线查看集群状态发现
NAME STATUS ROLES AGE VERSION master Ready master 15h v1.18.2 node1 Ready <none> 15h v1.18.2 node2 NotReady <none> 15h v1.18.2
node节点上服务状态正常
初步估计集群网络问题
现在需要删除node节点重新加入集群
初始化node节点,重新加入集群
1 驱逐在这个节点上的pod
kubectl drain node2 --delete-local-data --force --ignore-daemonsets
2 master节点上删除node节点
kubectl delete nodes node2
3 在node2这个节点上执行如下命令
kubeadm reset systemctl stop kubelet systemctl stop docker rm -rf /var/lib/cni/ rm -rf /var/lib/kubelet/* rm -rf /etc/cni/ ifconfig cni0 down ifconfig flannel.1 down ifconfig docker0 down ip link delete cni0 ip link delete flannel.1 systemctl start docker systemctl start kubelet
目前来说node节点就已经完成初始化了
4 重新加入集群
因为token-24h有效,所以分两种情况
查看token有效期
[root@master ~]# kubeadm token list TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS gjqah1.aj468pie9xvqb7x2 <forever> <never> authentication,signing <none> system:bootstrappers:kubeadm:default-node-token zlghc0.i33nxeq8frn2rg48 7h 2021-05-12T20:48:51+08:00 authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
1 token有效时间内,直接加入集群
kubeadm join 192.168.178.100:6443 --token zlghc0.i33nxeq8frn2rg48 \ --discovery-token-ca-cert-hash sha256:e05e806f531c21c83276b40ea549f7cf2b3993765a2797927c21b9bd49336e81
2 token过期,生成新的token加入集群
kubeadm token create #重新生成新的token
kubeadm token list #再次查看当前的token列表
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
返回值就是token的hash值
使用新的命令加入集群
kubeadm join 192.168.178.100:6443 --token zlghc0.i33nxeq8frn2rg48(新的token名) –discovery-token-ca-cert-hash sha256:e05e806f531c21c83276b40ea549f7cf2b3993765a2797927c21b9bd49336e81(token的hash值)
