Clusters built with kubeadm

Node information before the change:

    # kubectl get node
    NAME         STATUS   ROLES    AGE   VERSION
    k8s-master   Ready    master   95d   v1.17.2
    k8s-node01   Ready    node01   95d   v1.17.2
    k8s-node02   Ready    node02   95d   v1.17.2

(1) Change the hostname

    hostnamectl set-hostname k8s-node03

(2) Delete the node from the cluster

    kubectl delete nodes k8s-node02

(3) Reset the node, running this on the node that was just deleted

    kubeadm reset

(4) On the master node, check whether a token exists (tokens expire after 24 hours by default)

    kubeadm token list

(5) If no token exists, create one

    # kubeadm token create
    4u4w7j.qv34axysi783i7wg

(6) Compute the SHA-256 hash of the CA certificate's public key

    # openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
    d0d8bc0728a15007638f3ff4f047b3ef8b6359fd0dc3cf409efe94147cb32e32

(7) On the deleted node, run kubeadm join to rejoin the cluster (substitute your own token from step (5) and hash from step (6))

    kubeadm join 10.1.10.128:6443 --token cq7ufd.t05znkzrnrinosjn \
        --discovery-token-ca-cert-hash sha256:b7f7676bf5af4ce251f96390d70e1158f01ddfaa2767f9734b03e238a5b6a798 \
        --node-name k8s-node03

(8) On the master, check that the node has joined

    # kubectl get node
    NAME         STATUS   ROLES    AGE     VERSION
    k8s-master   Ready    master   95d     v1.17.2
    k8s-node01   Ready    node01   95d     v1.17.2
    k8s-node03   Ready    <none>   3m19s   v1.17.2

(9) Label the node (optional)

    kubectl label nodes k8s-node03 node-role.kubernetes.io/node03=

(10) View the cluster's node information

    # kubectl get node
    NAME         STATUS   ROLES    AGE     VERSION
    k8s-master   Ready    master   95d     v1.17.2
    k8s-node01   Ready    node01   95d     v1.17.2
    k8s-node03   Ready    node03   4m12s   v1.17.2

Clusters built from binaries

Rename host1 to master.

(1) Change the system hostname

    hostnamectl set-hostname master

(2) Change the kubelet startup parameter

    --hostname-override=master

Restart the kubelet service

    systemctl restart kubelet

Check the kubelet log

    journalctl -xe -u kubelet

The following error appears

    Mar 23 13:15:27 master kubelet[13508]: E0323 13:15:27.320556 13508 kubelet_node_status.go:106] Unable to register node "master" with API server: nodes "master" is forbidden: node "host1" cannot modify node "master"

(3) Stop the kubelet service and delete the node

    systemctl stop kubelet
    kubectl delete node host1

(4) Delete kubelet.kubeconfig, kubelet.key, kubelet.crt, kubelet-client.key and kubelet-client.crt

    rm -f /etc/kubernetes/kubelet.kubeconfig
    rm -f /etc/kubernetes/ssl/kubelet*

(5) Restart kubelet

    systemctl restart kubelet

(6) Check the status of the certificate signing request

    # kubectl get csr
    NAME                                                   AGE   REQUESTOR           CONDITION
    node-csr-GIAqC5LBI_7c6TlMW8wugv_TlHfs1CShZhnEyLgxvSI   1m    kubelet-bootstrap   Pending

(7) Approve the certificate request

    kubectl certificate approve node-csr-GIAqC5LBI_7c6TlMW8wugv_TlHfs1CShZhnEyLgxvSI

(8) Check the certificate status again

    # kubectl get csr
    NAME                                                   AGE   REQUESTOR           CONDITION
    node-csr-GIAqC5LBI_7c6TlMW8wugv_TlHfs1CShZhnEyLgxvSI   1m    kubelet-bootstrap   Approved,Issued

(9) Check the node status

    kubectl get node
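
The "forbidden" error in step (2) appears because the kubelet still authenticates with a client certificate issued for the old name (CN system:node:host1), and the API server only lets a node credential modify its own Node object; steps (4) to (7) replace that certificate. The check below is an added example, not part of the original page: it compares the node name in a certificate subject with the name the kubelet will register under. The function names, the sample subject strings and the certificate path in the final comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Sample subjects are constructed.

# Print a certificate's subject in RFC 2253 form, e.g.
# "subject=CN=system:node:host1,O=system:nodes".
kubelet_cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

# Extract <name> from CN=system:node:<name>; prints nothing if absent.
cert_node_name() {
    printf '%s\n' "$1" | sed 's/^subject=[[:space:]]*//' | tr ',' '\n' |
        sed -n 's/^[[:space:]]*CN=system:node://p' | head -n 1
}

# Compare the node name in the certificate ($1: subject line) with the
# name the kubelet registers under ($2: --hostname-override or hostname).
check_kubelet_identity() {
    cki_have=$(cert_node_name "$1")
    cki_want=$2
    if [ -z "$cki_have" ]; then
        echo "no-node-identity"      # e.g. a bootstrap credential
        return 2
    fi
    if [ "$cki_have" != "$cki_want" ]; then
        echo "mismatch: certificate=$cki_have kubelet=$cki_want"
        return 1
    fi
    echo "ok"
}

# Constructed subjects: the state that produces the error in step (2),
# then the state after the new certificate is issued in step (7).
check_kubelet_identity "subject=CN=system:node:host1,O=system:nodes" master || true
check_kubelet_identity "subject=CN=system:node:master,O=system:nodes" master

# On a real node (path assumed from the files removed in step (4)):
#   check_kubelet_identity \
#     "$(kubelet_cert_subject /etc/kubernetes/ssl/kubelet-client.crt)" master
```

Running the check before restarting kubelet with a new `--hostname-override` shows whether the existing certificate has to be deleted and reissued first.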