kubernetes刪除和重新加入node節點

一、刪除node節點

[root@master69 kubernetes]# kubectl get nodes
NAME             STATUS     ROLES    AGE   VERSION
master69         NotReady   master   47h   v1.18.5
redis-01.hlqxt   NotReady   <none>   46h   v1.18.5
[root@master69 kubernetes]# kubectl delete node redis-01.hlqxt
node "redis-01.hlqxt" deleted

二、在node節點執行kubeadm reset

[root@redis-01 flannel]# kubeadm reset
[reset] Reading configuration from the cluster...
[reset] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
W0111 16:32:16.985116   11098 reset.go:99] [reset] Unable to fetch the kubeadm-config ConfigMap from cluster: failed to get node registration: failed to get corresponding node: nodes "redis-01.hlqxt" not found
[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
W0111 16:32:18.814716   11098 removeetcdmember.go:79] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] No etcd config found. Assuming external etcd
[reset] Please, manually reset etcd to prevent further issues
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
[root@redis-01 flannel]# 

systemctl stop kubelet
systemctl stop docker
rm -rf /var/lib/cni/
rm -rf /var/lib/kubelet/*
rm -rf /etc/cni/

ifconfig cni0 down

ifconfig flannel.1 down

ip link delete cni0
ip link delete flannel.1

##重啟kubelet 
systemctl restart kubelet 
##重啟docker 
systemctl restart docker

 

三、node節點執行kubeadm join 重新加入

執行之前，現在master節點上是否還有有效的token

[root@master69 kubernetes]# kubeadm token list
[root@master69 kubernetes]# 

沒有有效的token，token有效期為24小時

在master節點上創建一個token

[root@master69 kubernetes]# kubeadm token create 
W0111 16:34:42.278107   12805 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
9d04vy.kglqq0l7i5jo90e4

獲取CA證書公鑰的hash值

[root@master69 kubernetes]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^ .* //'
(stdin)= 6010baa60fc234e60cb353a54b4179afd3205cd6b4fc15f415117a77b6d8ac07

再利用新的token和公鑰hash，在node節點上執行加入節點命令

[root@redis-01 flannel]# kubeadm join 172.28.18.69:6443 --token 9d04vy.kglqq0l7i5jo90e4     --discovery-token-ca-cert-hash sha256:6010baa60fc234e60cb353a54b4179afd3205cd6b4fc15f415117a77b6d8ac07
W0111 16:36:52.261975   11945 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.18" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@redis-01 flannel]# 

在master節點查詢node

[root@master69 kubernetes]# kubectl get nodes
NAME             STATUS     ROLES    AGE    VERSION
master69         NotReady   master   47h    v1.18.5
redis-01.hlqxt   Ready      <none>   4m3s   v1.18.5

node節點已加入