今天上线查看集群状态发现
NAME STATUS ROLES AGE VERSION
master Ready master 15h v1.18.2
node1 Ready <none> 15h v1.18.2
node2 NotReady <none> 15h v1.18.2
node节点上服务状态正常
初步估计集群网络问题
现在需要删除node节点重新加入集群
初始化node节点,重新加入集群
1 驱逐在这个节点上的pod
kubectl drain node2 --delete-local-data --force --ignore-daemonsets
2 master节点上删除node节点
kubectl delete nodes node2
3 在node2这个节点上执行如下命令
kubeadm reset
systemctl stop kubelet
systemctl stop docker
rm -rf /var/lib/cni/
rm -rf /var/lib/kubelet/*
rm -rf /etc/cni/
ifconfig cni0 down
ifconfig flannel.1 down
ifconfig docker0 down
ip link delete cni0
ip link delete flannel.1
systemctl start docker
systemctl start kubelet
目前来说node节点就已经完成初始化了
4 重新加入集群
因为token-24h有效,所以分两种情况
查看token有效期
[root@master ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
gjqah1.aj468pie9xvqb7x2 <forever> <never> authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
zlghc0.i33nxeq8frn2rg48 7h 2021-05-12T20:48:51+08:00 authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
1 token有效时间内,直接加入集群
kubeadm join 192.168.178.100:6443 --token zlghc0.i33nxeq8frn2rg48 \
--discovery-token-ca-cert-hash sha256:e05e806f531c21c83276b40ea549f7cf2b3993765a2797927c21b9bd49336e81
2 token过期,生成新的token加入集群
kubeadm token create #重新生成新的token
kubeadm token list #再次查看当前的token列表
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
返回值就是token的hash值
使用新的命令加入集群
kubeadm join 192.168.178.100:6443 --token zlghc0.i33nxeq8frn2rg48(新的token名)
–discovery-token-ca-cert-hash sha256:e05e806f531c21c83276b40ea549f7cf2b3993765a2797927c21b9bd49336e81(token的hash值)