删除一个主节点后，etcd 变得不健康，我正在寻找解决方法

Question

最后我终于找到了解决办法。

首先，您需要附加到任意 etcd pod 来删除仍然保留在 etcd 集群中的已删除的主节点，并确保集群最终是健康的。

**List current nodes to get failed node id**
/ # etcdctl --endpoint=https://10.0.1.31:2379 --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/peer.crt --key-file=/etc/kubernetes/pki/etcd/peer.key member list
55ab807fd1dc1d4: name=ae1-prd-lnxstgivt01.ubisoft.org peerURLs=https://10.233.42.22:2380 clientURLs=https://10.233.42.22:2379 isLeader=false
3da60ac5e6f29b0e: name=pdc-prd-lnxstginvt01.ubisoft.org peerURLs=https://10.0.1.31:2380 clientURLs=https://10.0.1.31:2379 isLeader=false
d13a6c20fbb32f2d: name=ne1-prd-lnxstgivt01.ubisoft.org peerURLs=https://10.136.66.170:2380 clientURLs=https://10.136.66.170:2379 isLeader=true

**Remove the dead one**
/ # etcdctl --endpoint=https://10.0.1.31:2379 --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/peer.crt --key-file=/etc/kubernetes/pki/etcd/peer.key member remove 55ab807fd1dc1d4
Removed member 55ab807fd1dc1d4 from cluster

**Verify it is removed**
/ # etcdctl --endpoint=https://10.0.1.31:2379 --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/peer.crt --key-file=/etc/kubernetes/pki/etcd/peer.key member list
3da60ac5e6f29b0e: name=pdc-prd-lnxstginvt01.ubisoft.org peerURLs=https://10.0.1.31:2380 clientURLs=https://10.0.1.31:2379 isLeader=false
d13a6c20fbb32f2d: name=ne1-prd-lnxstgivt01.ubisoft.org peerURLs=https://10.136.66.170:2380 clientURLs=https://10.136.66.170:2379 isLeader=true

其次，kube-public 命名空间中有一个名为 kubeadm-config 的配置映射，它仍将已删除的主节点记为 api 端点之一。这将阻止您在检查 etcd 集群健康状态阶段加入新的主节点，因为 kubeadm 将读取该配置映射并将已删除的节点作为要检查的 etcd 节点。因此，将该命名空间导出到 yaml 文件，编辑该文件并将其应用回去以将其从 api 端点列表中删除。

kubectl get configmap kubeadm-config -n kube-system -o yaml
apiVersion: v1
data:
  …
  ClusterStatus: |
    apiEndpoints:
      ae1-prd-lnxstgivt01.ubisoft.org:
        advertiseAddress: 10.233.42.22
        bindPort: 6443
      ne1-prd-lnxstgivt01.ubisoft.org:
        advertiseAddress: 10.136.66.170
        bindPort: 6443
      pdc-prd-lnxstginvt01.ubisoft.org:
        advertiseAddress: 10.0.1.31
        bindPort: 6443
    apiVersion: kubeadm.k8s.io/v1beta1
    kind: ClusterStatus
kind: ConfigMap
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: …

测试版本：1.14.3

Answer 1

最后我终于找到了解决办法。

首先，您需要附加到任意 etcd pod 来删除仍然保留在 etcd 集群中的已删除的主节点，并确保集群最终是健康的。

**List current nodes to get failed node id**
/ # etcdctl --endpoint=https://10.0.1.31:2379 --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/peer.crt --key-file=/etc/kubernetes/pki/etcd/peer.key member list
55ab807fd1dc1d4: name=ae1-prd-lnxstgivt01.ubisoft.org peerURLs=https://10.233.42.22:2380 clientURLs=https://10.233.42.22:2379 isLeader=false
3da60ac5e6f29b0e: name=pdc-prd-lnxstginvt01.ubisoft.org peerURLs=https://10.0.1.31:2380 clientURLs=https://10.0.1.31:2379 isLeader=false
d13a6c20fbb32f2d: name=ne1-prd-lnxstgivt01.ubisoft.org peerURLs=https://10.136.66.170:2380 clientURLs=https://10.136.66.170:2379 isLeader=true

**Remove the dead one**
/ # etcdctl --endpoint=https://10.0.1.31:2379 --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/peer.crt --key-file=/etc/kubernetes/pki/etcd/peer.key member remove 55ab807fd1dc1d4
Removed member 55ab807fd1dc1d4 from cluster

**Verify it is removed**
/ # etcdctl --endpoint=https://10.0.1.31:2379 --ca-file=/etc/kubernetes/pki/etcd/ca.crt --cert-file=/etc/kubernetes/pki/etcd/peer.crt --key-file=/etc/kubernetes/pki/etcd/peer.key member list
3da60ac5e6f29b0e: name=pdc-prd-lnxstginvt01.ubisoft.org peerURLs=https://10.0.1.31:2380 clientURLs=https://10.0.1.31:2379 isLeader=false
d13a6c20fbb32f2d: name=ne1-prd-lnxstgivt01.ubisoft.org peerURLs=https://10.136.66.170:2380 clientURLs=https://10.136.66.170:2379 isLeader=true

其次，kube-public 命名空间中有一个名为 kubeadm-config 的配置映射，它仍将已删除的主节点记为 api 端点之一。这将阻止您在检查 etcd 集群健康状态阶段加入新的主节点，因为 kubeadm 将读取该配置映射并将已删除的节点作为要检查的 etcd 节点。因此，将该命名空间导出到 yaml 文件，编辑该文件并将其应用回去以将其从 api 端点列表中删除。

kubectl get configmap kubeadm-config -n kube-system -o yaml
apiVersion: v1
data:
  …
  ClusterStatus: |
    apiEndpoints:
      ae1-prd-lnxstgivt01.ubisoft.org:
        advertiseAddress: 10.233.42.22
        bindPort: 6443
      ne1-prd-lnxstgivt01.ubisoft.org:
        advertiseAddress: 10.136.66.170
        bindPort: 6443
      pdc-prd-lnxstginvt01.ubisoft.org:
        advertiseAddress: 10.0.1.31
        bindPort: 6443
    apiVersion: kubeadm.k8s.io/v1beta1
    kind: ClusterStatus
kind: ConfigMap
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: …

测试版本：1.14.3

删除一个主节点后，etcd 变得不健康，我正在寻找解决方法

答案1

相关内容