如果需要从集群中移除slave3这个Node,执行下面的命令:
在master节点上执行:
#先查看下node情况
[root@master] ~$ kubectl get node
NAME STATUS ROLES AGE VERSION
master.hanli.com Ready master 3d7h v1.13.0
slave1.hanli.com Ready 3d7h v1.13.0
slave2.hanli.com Ready 3d7h v1.13.0
slave3.hanli.com Ready 3d7h v1.13.0
#查看下pod情况
[root@master] ~$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
curl-66959f6557-r4crd 1/1 Running 1 6m32s 10.244.2.7 slave2.hanli.com
nginx-58db6fdb58-5wt7p 1/1 Running 0 3d6h 10.244.1.4 slave1.hanli.com
nginx-58db6fdb58-7qkfn 1/1 Running 0 3d6h 10.244.3.2 slave3.hanli.com
#封锁node,排干node上的pod。注意:--force会把不受控制器(如Deployment)管理的pod一并删除且不会重建,--delete-local-data会丢弃pod使用的emptyDir本地数据,执行前请先确认
[root@master] ~$ kubectl drain slave3.hanli.com --delete-local-data --force --ignore-daemonsets
node/slave3.hanli.com cordoned
WARNING: Ignoring DaemonSet-managed pods: kube-flannel-ds-amd64-8hhsb, kube-proxy-6vjcb; Deleting pods with local storage: monitoring-grafana-8445c4b56d-j2wfl
pod/monitoring-grafana-8445c4b56d-j2wfl evicted
pod/nginx-58db6fdb58-7qkfn evicted
node/slave3.hanli.com evicted
此时node状态如下(slave3显示为Ready,SchedulingDisabled,即已被封锁、不再接受新的pod调度;这段示例输出看起来取自另一套多master环境,节点列表与上文不一致):
[root@master1] ~$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
master1.hanli.com Ready master 17h v1.13.0
master2.hanli.com Ready master 17h v1.13.0
master3.hanli.com Ready master 16h v1.13.0
slave3.hanli.com Ready,SchedulingDisabled 16h v1.13.0
#然后删除slave3节点
[root@master] ~$ kubectl delete node slave3.hanli.com
node "slave3.hanli.com" deleted
#查看node已经没有slave3了
[root@master1] ~$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
master1.hanli.com Ready master 17h v1.13.0
master2.hanli.com Ready master 17h v1.13.0
master3.hanli.com Ready master 16h v1.13.0
#原来在slave3上的pod已被重新创建并调度到slave2(新的pod名为nginx-58db6fdb58-bhmcv)
[root@master] ~$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
curl-66959f6557-r4crd 1/1 Running 1 8m34s 10.244.2.7 slave2.hanli.com
nginx-58db6fdb58-5wt7p 1/1 Running 0 3d6h 10.244.1.4 slave1.hanli.com
nginx-58db6fdb58-bhmcv 1/1 Running 0 55s 10.244.2.8 slave2.hanli.com
你还需要在被移除的节点slave3上执行(下面示例的提示符显示为slave2,疑为笔误;kubeadm reset会清除所在主机上的集群配置,务必确认是在slave3上执行):
# 重置。输出中有一句提醒:如果使用的是外部etcd,需要手动清除etcd数据,否则用相同的etcd端点再次运行kubeadm init时,会看到先前集群的状态。
[root@slave2] ~$ kubeadm reset
[reset] WARNING: changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] are you sure you want to proceed? [y/N]: y
[preflight] running pre-flight checks
[reset] no etcd config found. Assuming external etcd
[reset] please manually reset etcd to prevent further issues
[reset] stopping the kubelet service
[reset] unmounting mounted directories in "/var/lib/kubelet"
[reset] deleting contents of stateful directories: [/var/lib/kubelet /etc/cni/net.d /var/lib/dockershim /var/run/kubernetes]
[reset] deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
# Run as root on the node being removed (slave3), after `kubeadm reset`.
# The reset output above lists only kubelet, directory and config-file
# cleanup; the cni0 and flannel.1 interfaces are not mentioned there and are
# presumably still present, so each is taken down and deleted by hand.
for cni_iface in cni0 flannel.1; do
  ifconfig "$cni_iface" down
  ip link delete "$cni_iface"
done

# Remove the CNI state kept on disk under /var/lib/cni/, presumably so that a
# later `kubeadm join` starts from a clean network setup.
rm -rf /var/lib/cni/
使节点加入集群的命令格式是kubeadm join <master地址>:<端口> --token <token> --discovery-token-ca-cert-hash sha256:<hash>
如果我们忘记了Master节点的token,可以使用下面的命令来查看:
[root@master] ~$ kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
默认情况下,token的有效期是24小时,如果token已经过期的话,可以使用以下命令重新生成(token是节点加入集群的凭据,不要公开;节点加入后可以用kubeadm token delete删除不再需要的token):
[root@master] ~$ kubeadm token create
sek6z6.knv9grhe9ggvtts0
如果你找不到--discovery-token-ca-cert-hash的值,可以使用以下命令生成(计算集群CA证书公钥的SHA-256摘要,在kubeadm join中使用时需要加上sha256:前缀):
[root@master] ~$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
7845e6615fcae889eedd6fe55174d904ddd4d3ca5257f04c4438cc67cf06ba58
除了上面通过两次命令找token和hash,也可以直接一次性执行如下命令来获取,它会新建一个token并直接输出完整的kubeadm join命令:
kubeadm token create --print-join-command
现在登录到工作节点服务器,然后用root权限运行如下命令加入集群
[root@slave3] /var/lib/cni$ kubeadm join 192.168.255.130:6443 --token sek6z6.knv9grhe9ggvtts0 --discovery-token-ca-cert-hash sha256:7845e6615fcae889eedd6fe55174d904ddd4d3ca5257f04c4438cc67cf06ba58
# 稍等即可看到节点已加入
[root@master] ~$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
master.hanli.com Ready master 3d10h v1.13.2
slave1.hanli.com Ready 3d10h v1.13.2
slave2.hanli.com Ready 3d10h v1.13.2
slave3.hanli.com Ready 85s v1.13.2
清除etcd中k8s的数据(仅在使用外部etcd并且需要彻底重建整个集群时执行;该命令会删除/registry前缀下的全部键,也就是整个集群的状态,只是移除单个Node时不要执行。输出的数字是被删除的键的数量):
[root@master1] ~$ etcdctl --cacert=/etc/etcd/pki/ca.pem --cert=/etc/etcd/pki/server.pem --key=/etc/etcd/pki/server-key.pem --endpoints=https://192.168.255.131:2379 del /registry --prefix
353