一、首先在master上生成新的token
[root@node1 ~]# kubeadm token create --print-join-command
W1111 17:50:25.985706 292853 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join apiserver.cluster.local:6443 --token sc2ty3.ej38ceisi5lmt9ad --discovery-token-ca-cert-hash sha256:42bf6e526b795854b61b7c0ca875f9a8292b989d44f0f51a4d8dec450711b89e
二、在master上生成用于新master加入的证书
[root@node1 ~]# kubeadm init phase upload-certs --upload-certs
I1111 17:50:52.634857 293705 version.go:252] remote version is much newer: v1.19.3; falling back to: stable-1.18
W1111 17:50:53.498664 293705 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
c5c77a2b5989c75c0ec98fae91f771c569e5764523fd8daa102a1cb074c07e2f
三、添加新节点
1、添加新node节点
[root@node3 ~]kubeadm join apiserver.cluster.local:6443 --token sc2ty3.ej38ceisi5lmt9ad --discovery-token-ca-cert-hash sha256:42bf6e526b795854b61b7c0ca875f9a8292b989d44f0f51a4d8dec450711b89e
2、添加新master节点,把红色部分加到--experimental-control-plane --certificate-key后。
[root@node2 ~]kubeadm join apiserver.cluster.local:6443 --token sc2ty3.ej38ceisi5lmt9ad \
--discovery-token-ca-cert-hash sha256:42bf6e526b795854b61b7c0ca875f9a8292b989d44f0f51a4d8dec450711b89e \
--control-plane --certificate-key c5c77a2b5989c75c0ec98fae91f771c569e5764523fd8daa102a1cb074c07e2f
四、删除node节点
(1)驱逐这个node节点上的pod
# kubectl drain node2 --delete-local-data --force --ignore-daemonsets
检查节点状态,被标记为不可调度节点
# kubectl get nodes
(2)删除这个node节点
kubectl delete node node2
(3)在node06这个节点上执行如下命令:
kubeadm reset
systemctl stop kubelet
systemctl stop docker
rm -rf /var/lib/cni/
rm -rf /var/lib/kubelet/*
rm -rf /etc/cni/
ifconfig cni0 down
ifconfig flannel.1 down
ifconfig docker0 down
ip link delete cni0
ip link delete flannel.1
systemctl start docker
systemctl start kubelet