k8s控制节点etcd删除并重新加入
作者:互联网
1.删除etcd节点
cd /root/etcd-v3.4.13-linux-amd64 cp etcd* /usr/local/bin # 查看etcd节点 [root@master etcd-v3.4.13-linux-amd64]# ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 --cacert /etc/kubernetes/pki/etcd/ca.crt --cert /etc/kubernetes/pki/etcd/server.crt --key /etc/kubernetes/pki/etcd/server.key member list 9754d4208fa9e54b, started, master, https://192.168.1.10:2380, https://192.168.1.10:2379, false b3688cea7fb0bfd6, started, pod1, https://192.168.1.11:2380, https://192.168.1.11:2379, false # 找到pod1对应的hash值并删除 [root@master etcd-v3.4.13-linux-amd64]# ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 --cacert /etc/kubernetes/pki/etcd/ca.crt --cert /etc/kubernetes/pki/etcd/server.crt --key /etc/kubernetes/pki/etcd/server.key member remove b3688cea7fb0bfd6 Member b3688cea7fb0bfd6 removed from cluster cbd4e4d0a63d294d # 查看 [root@master etcd-v3.4.13-linux-amd64]# ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 --cacert /etc/kubernetes/pki/etcd/ca.crt --cert /etc/kubernetes/pki/etcd/server.crt --key /etc/kubernetes/pki/etcd/server.key member list 9754d4208fa9e54b, started, master, https://192.168.1.10:2380, https://192.168.1.10:2379, false
2.etcd节点重新加入k8s
# 1.加入集群命令:master上执行 [root@master etcd-v3.4.13-linux-amd64]# kubeadm token create --print-join-command kubeadm join 192.168.1.20:16443 --token 2q0q3r.kmd36rm0vuuc1kcv --discovery-token-ca-cert-hash sha256:6e220a97f3d79d0b53b5ac18979dcfacdfb5da5ce0629017b745a8a4df162d27 # 2.master 执行: [root@master etcd-v3.4.13-linux-amd64]# kubectl delete nodes pod1 node "pod1" deleted # 3.pod1上执行,被删除etcd的节点上执行 [root@pod1 ~]# kubeadm reset # 4.将master上kubernetes证书传到pod1 [root@master pki]# scp ca.crt ca.key sa.key sa.pub front-proxy-ca.crt front-proxy-ca.key pod1:/etc/kubernetes/pki/ ca.crt 100% 1066 498.4KB/s 00:00 ca.key 100% 1679 1.5MB/s 00:00 sa.key 100% 1675 1.6MB/s 00:00 sa.pub 100% 451 553.5KB/s 00:00 front-proxy-ca.crt 100% 1078 1.1MB/s 00:00 front-proxy-ca.key [root@pod1 ~]# cd /etc/kubernetes/pki/ [root@master etcd]# scp ca.crt ca.key pod1:/etc/kubernetes/pki/etcd/ ca.crt 100% 1058 921.3KB/s 00:00 ca.key # 在pod1上执行如下命令,把节点加入k8s集群,充当控制节点: [root@pod1 pki]#kubeadm join 192.168.1.20:16443 --token 2q0q3r.kmd36rm0vuuc1kcv --discovery-token-ca-cert-hash sha256:6e220a97f3d79d0b53b5ac18979dcfacdfb5da5ce0629017b745a8a4df162d27 --control-plane [root@master etcd]# kubectl get nodes NAME STATUS ROLES AGE VERSION master Ready control-plane,master 4d2h v1.20.7 pod1 Ready control-plane,master 54s v1.20.7 pod2 Ready <none> 3d14h v1.20.7
标签:pki,key,--,ca,重新加入,master,etcd,k8s 来源: https://www.cnblogs.com/yangmeichong/p/16464574.html