使用kubeadm重置k8s集群

1.Master 节点和Work节点都需要执行：kubeadm reset

kubeadm reset -hAvailable Commands:alpha       Kubeadm experimental sub-commandscompletion  Output shell completion code for the specified shell (bash or zsh)config      Manage configuration for a kubeadm cluster persisted in a ConfigMap in the clusterhelp        Help about any commandinit        Run this command in order to set up the Kubernetes control plane--建立k8s集群面板join        Run this on any machine you wish to join an existing clusterreset       Performs a best effort revert of changes made to this host by 'kubeadm init' or 'kubeadm join'--执行“kubeadm init”或“kubeadm join”对该主机所做的更改的最大努力还原。token       Manage bootstrap tokensupgrade     Upgrade your cluster smoothly to a newer version with this commandversion     Print the version of kubeadm

在kubeadm已安装的k8s集群进行重置

[root@k8smaster ~]# kubeadm reset
[reset] Reading configuration from the cluster...
[reset] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
[reset] Removing info for node "k8smaster" from the ConfigMap "kubeadm-config" in the "kube-system" Namespace
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/etcd /var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni]The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.dThe reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.

vi kubeadm-config.yaml

apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.19.5
imageRepository: registry.aliyuncs.com/k8sxio
controlPlaneEndpoint: "apiserver.demo:6443"
networking:serviceSubnet: "10.96.0.0/16"podSubnet: "10.100.0.1/16"dnsDomain: "cluster.local"

初始化master节点
使用kubeadm init --config=kubeadm-config.yaml

[root@k8smaster ~]# kubeadm init --config=kubeadm-config.yaml
W0709 16:17:43.494419   56318 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[init] Using Kubernetes version: v1.19.5
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
---使用kubeadm config images pull
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [apiserver.demo k8smaster kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.4.7.30]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [k8smaster localhost] and IPs [10.4.7.30 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [k8smaster localhost] and IPs [10.4.7.30 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 18.007843 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.19" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node k8smaster as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node k8smaster as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: opy069.qrjw6f0bgj8bzezo
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxyYour Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configYou should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:https://kubernetes.io/docs/concepts/cluster-administration/addons/You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:kubeadm join apiserver.demo:6443 --token opy069.qrjw6f0bgj8bzezo \--discovery-token-ca-cert-hash sha256:c3f3ddc2c09a2b0ffee03bef3fd06228baa48d0e6c41ef96df65d45f6ed72d88 \--control-planeThen you can join any number of worker nodes by running the following on each as root:kubeadm join apiserver.demo:6443 --token opy069.qrjw6f0bgj8bzezo \--discovery-token-ca-cert-hash sha256:c3f3ddc2c09a2b0ffee03bef3fd06228baa48d0e6c41ef96df65d45f6ed72d88

从节点没有执行kubeadm reset，加入节点，报错

[root@k8sworker ~]# kubeadm join apiserver.demo:6443 --token qn5iq3.yy7pghu3y9feff64     --discovery-token-ca-cert-hash sha256:c3f3ddc2c09a2b0ffee03bef3fd06228baa48d0e6c41ef96df65d45f6ed72d88
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:[ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists[ERROR Port-10250]: Port 10250 is in use[ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

从节点执行kubeadm reset
新令牌

kubeadm token create --print-join-command

在worker节点加入节点到集群

[root@k8sworker ~]# kubeadm join apiserver.demo:6443 --token opy069.qrjw6f0bgj8bzezo     --discovery-token-ca-cert-hash sha256:c3f3ddc2c09a2b0ffee03bef3fd06228baa48d0e6c41ef96df65d45f6ed72d88
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

添加完查看node

[root@k8smaster ~]# kubectl get node
NAME        STATUS   ROLES    AGE   VERSION
k8smaster   Ready    master   75m   v1.19.5
k8sworker   Ready    <none>   26m   v1.19.5
--修改node的角色
[root@k8smaster ~]# kubectl label node k8sworker kubernetes.io/role=worker1
node/k8sworker labeled
[root@k8smaster ~]# kubectl get node
NAME        STATUS   ROLES     AGE   VERSION
k8smaster   Ready    master    77m   v1.19.5
k8sworker   Ready    worker1   28m   v1.19.5
--更改为其他标签
[root@k8smaster ~]# kubectl label node k8sworker kubernetes.io/role=worker --overwrite
node/k8sworker labeled
[root@k8smaster ~]# kubectl get node
NAME        STATUS   ROLES    AGE   VERSION
k8smaster   Ready    master   84m   v1.19.5
k8sworker   Ready    worker   35m   v1.19.5
--移除角色标签
[root@k8smaster ~]# kubectl label node k8sworker kubernetes.io/role-
node/k8sworker labeled
[root@k8smaster ~]# kubectl get node
NAME        STATUS   ROLES    AGE   VERSION
k8smaster   Ready    master   87m   v1.19.5
k8sworker   Ready    <none>   38m   v1.19.5