kubernetes删除和重新加入node节点

一、删除node节点

[root@master69 kubernetes]# kubectl get nodes
NAME             STATUS     ROLES    AGE   VERSION
master69         NotReady   master   47h   v1.18.5
redis-01.hlqxt   NotReady   <none>   46h   v1.18.5
[root@master69 kubernetes]# kubectl delete node redis-01.hlqxt
node "redis-01.hlqxt" deleted

二、在node节点执行kubeadm reset

[root@redis-01 flannel]# kubeadm reset
[reset] Reading configuration from the cluster...
[reset] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
W0111 16:32:16.985116   11098 reset.go:99] [reset] Unable to fetch the kubeadm-config ConfigMap from cluster: failed to get node registration: failed to get corresponding node: nodes "redis-01.hlqxt" not found
[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
W0111 16:32:18.814716   11098 removeetcdmember.go:79] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] No etcd config found. Assuming external etcd
[reset] Please, manually reset etcd to prevent further issues
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
[root@redis-01 flannel]# 

systemctl stop kubelet
systemctl stop docker
rm -rf /var/lib/cni/
rm -rf /var/lib/kubelet/*
rm -rf /etc/cni/

ifconfig cni0 down

ifconfig flannel.1 down

ip link delete cni0
ip link delete flannel.1

##重启kubelet 
systemctl restart kubelet 
##重启docker 
systemctl restart docker

三、node节点执行kubeadm join 重新加入

执行之前，现在master节点上是否还有有效的token

[root@master69 kubernetes]# kubeadm token list
[root@master69 kubernetes]# 

没有有效的token，token有效期为24小时

在master节点上创建一个token

[root@master69 kubernetes]# kubeadm token create 
W0111 16:34:42.278107   12805 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
9d04vy.kglqq0l7i5jo90e4

获取CA证书公钥的hash值

[root@master69 kubernetes]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^ .* //'
(stdin)= 6010baa60fc234e60cb353a54b4179afd3205cd6b4fc15f415117a77b6d8ac07

再利用新的token和公钥hash，在node节点上执行加入节点命令

[root@redis-01 flannel]# kubeadm join 172.28.18.69:6443 --token 9d04vy.kglqq0l7i5jo90e4     --discovery-token-ca-cert-hash sha256:6010baa60fc234e60cb353a54b4179afd3205cd6b4fc15f415117a77b6d8ac07
W0111 16:36:52.261975   11945 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.18" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@redis-01 flannel]# 

在master节点查询node

[root@master69 kubernetes]# kubectl get nodes
NAME             STATUS     ROLES    AGE    VERSION
master69         NotReady   master   47h    v1.18.5
redis-01.hlqxt   Ready      <none>   4m3s   v1.18.5

node节点已加入