手动生成kubeadm token用于加入新的worker节点
Posted qq59c521a6cf6be
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了手动生成kubeadm token用于加入新的worker节点相关的知识,希望对你有一定的参考价值。
[root@master01 ~]# kubeadm token create --ttl 0 --print-join-command
kubeadm join 192.168.1.200:6443 --token yuhbun.lrc4ey0zwmkn4w7l --discovery-token-ca-cert-hash sha256:8f1a983fec0cefe98a635f713941df1e31d7c97f0eb3eb0d8604e32ffc812058
临时移除一个worker node,可以运行:
[root@master01 ~]# kubectl drain node2 --delete-local-data --force --ignore-daemonsets
Flag --delete-local-data has been deprecated, This option is deprecated and will be deleted. Use --delete-emptydir-data.
node/node2 cordoned
WARNING: deleting Pods not managed by ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet: default/pod-with-env; ignoring DaemonSet-managed Pods: kube-system/kube-flannel-ds-6r5cs, kube-system/kube-proxy-6jvsk
evicting pod default/pod-with-env
pod/pod-with-env evicted
node/node2 drained
[root@master01 ~]# kubectl delete nodes node2
node "node2" deleted
加回节点
- 在节点上stop kubelet service
[root@node2 ~]# systemctl stop kubelet
- 在节点上运行kubeadm reset
[root@node2 ~]# kubeadm reset
[reset] WARNING: Changes made to this host by kubeadm init or kubeadm join will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
W0506 22:00:19.279193 7702 removeetcdmember.go:80] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] No etcd config found. Assuming external etcd
[reset] Please, manually reset etcd to prevent further issues
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni]
The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d
The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.
If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your systems IPVS tables.
The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
[root@node2 ~]# rm -rf /etc/cni/net.d/
[root@node2 ~]# iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
[root@node2 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@node2 ~]#
[root@node2 ~]# kubeadm join 192.168.1.200:6443 --token yuhbun.lrc4ey0zwmkn4w7l --discovery-token-ca-cert-hash sha256:8f1a983fec0cefe98a635f713941df1e31d7c97f0eb3eb0d8604e32ffc812058
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with kubectl -n kube-system get cm kubeadm-config -o yaml
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run kubectl get nodes on the control-plane to see this node join the cluster.
[root@master01 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master01 Ready control-plane,master 3d1h v1.22.3
node1 Ready <none> 3d1h v1.22.3
node2 Ready <none> 56s v1.22.3
以上是关于手动生成kubeadm token用于加入新的worker节点的主要内容,如果未能解决你的问题,请参考以下文章