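I have a machine running as a Kubernetes master. It is also a node in the cluster. I want to stop all the master work and leave it as a node that can be joined elsewhere. I also have the following constraints on it:
- No internet access (so I cannot load software from repositories).
- The "master" is currently configured to not be on the subnet, so I cannot actually talk to it (as is) with kubectl.
I was hoping I could just systemctl stop some services (e.g., etcd and kube-{apiserver,controller-manager,scheduler}) and/or some docker containers, and that would be it. (Plus, of course, kubeadm reset and running a new join script.) But at this stage I don't even know whether systemctl stop on the services would stop the docker containers from running, or vice versa.
(Of course, if more needs to be done than kubeadm reset removing the config files in order to completely "reset" it to a plain node, please explain that too.)
[Kubernetes v1.11.10, Ubuntu 16.04]
(If, in order to answer this question, you need to know how I got stuck, I can edit this answer to add that, but at this point it seems to me unnecessary for an answer, and it is tedious.)
(Also, please don't suggest starting over, including re-establishing internet connectivity, e.g. to load software, because that is not going to happen.)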
Answer 1
I have tested this scenario on Kubernetes v1.15.3.
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.3", GitCommit:"2d3c76f9091b6bec110a5e63777c332469e0cba2", GitTreeState:"clean", BuildDate:"2019-08-19T11:13:54Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.3", GitCommit:"2d3c76f9091b6bec110a5e63777c332469e0cba2", GitTreeState:"clean", BuildDate:"2019-08-19T11:05:50Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}
I ran kubeadm reset on the master node.
$ kubeadm reset
[reset] Reading configuration from the cluster...
[reset] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
[reset] Removing info for node "instance-1" from the ConfigMap "kubeadm-config" in the "kube-system" Namespace
W0821 11:34:26.923767 22594 removeetcdmember.go:61] [reset] failed to remove etcd member: error syncing endpoints with etc: etcdclient: no available endpoints
.Please manually remove this etcd member using etcdctl
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/etcd /var/lib/kubelet /etc/cni/net.d /var/lib/dockershim /var/run/kubernetes]
The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually.
For example:
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.
The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
As suggested, I flushed iptables and deleted the $HOME/.kube/ directory.
After that, I joined the server as a worker node to another cluster using the kubeadm join command:
$ kubeadm join 10.128.15.232:6443 --token <CUT> --discovery-token-ca-cert-hash sha256:<CUT>
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.1. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
This seems to work fine, as explained in the documentation for kubeadm reset.
Run this to revert any changes made to this host by 'kubeadm init' or 'kubeadm join'.
The "reset" command executes the following phases:
preflight              Run reset pre-flight checks
update-cluster-status  Remove this node from the ClusterStatus object.
remove-etcd-member     Remove a local etcd member.
cleanup-node           Run cleanup node.
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
instance-1 Ready <none> 5m36s v1.15.3
node2 Ready master 18m v1.15.3
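If you upgrade k8s to v1.15.0, you can use kubeadm reset phase.
The command is intended to make kubeadm more modular. This modularity lets you invoke atomic sub-steps of the reset process, so you can let kubeadm do some parts and fill in yourself where you need customization.
kubeadm reset phase is consistent with the kubeadm reset workflow, and behind the scenes both use the same code.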
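
An added example, not part of the original answer: the reset output above names the files and directories that kubeadm reset clears and the kubeconfig it leaves behind, and this shell function reports any that are still present (the old cluster's admin credentials and CA keys among them) after the reset and before the new join. The function name and its root-prefix and home-directory parameters are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: list control-plane leftovers after `kubeadm reset`, before
# re-joining. Paths are the ones named in the reset output above. The function
# name and its two parameters (root prefix, home directory) are hypothetical.

# Files kubeadm reset reports deleting.
RESET_FILES="/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf
/etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf
/etc/kubernetes/scheduler.conf"
# Directories whose contents kubeadm reset reports deleting.
RESET_DIRS="/etc/kubernetes/manifests /etc/kubernetes/pki /var/lib/etcd
/var/lib/kubelet /etc/cni/net.d /var/lib/dockershim /var/run/kubernetes"

audit_reset_leftovers() {
    local root="${1:-}" home_dir="${2:-$HOME}" found=0 p
    for p in $RESET_FILES; do
        if [ -e "$root$p" ]; then
            echo "LEFTOVER file: $p"
            found=$((found + 1))
        fi
    done
    for p in $RESET_DIRS; do
        # A directory counts only if it still has entries in it.
        if [ -d "$root$p" ] && [ -n "$(ls -A "$root$p" 2>/dev/null)" ]; then
            echo "LEFTOVER dir contents: $p"
            found=$((found + 1))
        fi
    done
    # kubeadm reset does not clean the per-user kubeconfig.
    if [ -e "$root$home_dir/.kube/config" ]; then
        echo "LEFTOVER kubeconfig: $home_dir/.kube/config"
        found=$((found + 1))
    fi
    echo "total=$found"
    # Exit status 0 only when nothing was left behind.
    [ "$found" -eq 0 ]
}

# On the host, as root:  audit_reset_leftovers "" /root
```

Once the node has joined the new cluster, kubelet.conf, /var/lib/kubelet and parts of /etc/kubernetes/pki are populated again, so the check is only meaningful between the reset and the join.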