近期因为ip地址洁癖,需要将一个在线的k8s集群地址替换成另一个顺序地址。过程记录如下:
- 思路:
- 1、修改nfs服务器配置,允许新ip访问
- 2、停一台master 服务器,改IP,重新加入集群做master
- 3、重复操作直到master节点全部更换ip
- 4、停止部分node,修改ip,加入集群。
- 5、停止剩下的node,修改ip,加入集群
删除主节点 (master 主机执行)
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 195d v1.17.1
k8s-worker1 Ready <none> 194d v1.17.1
k8s-worker2 Ready <none> 194d v1.17.1
k8s-worker3 Ready <none> 181d v1.17.1
k8s-worker4 Ready master 181d v1.17.1
k8s-worker5 Ready <none> 181d v1.17.1
k8s-worker6 Ready master 181d v1.17.1
# kubectl drain k8s-worker6 --delete-local-data --force --ignore-daemonsets
kubectl drain k8s-worker6 --delete-local-data --force --ignore-daemonsets
node/k8s-worker6 cordoned
node/k8s-worker6 drained
# kubectl delete node k8s-worker6
node "k8s-worker6" deleted
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 195d v1.17.1
k8s-worker1 Ready <none> 194d v1.17.1
k8s-worker2 Ready <none> 194d v1.17.1
k8s-worker3 Ready <none> 181d v1.17.1
k8s-worker4 Ready master 181d v1.17.1
k8s-worker5 Ready <none> 181d v1.17.1
删除失效的etcd (master 主机执行)
# docker exec -it $(docker ps -f name=etcd_etcd -q) /bin/sh
etcdctl --endpoints 127.0.0.1:2379 --cacert /etc/kubernetes/pki/etcd/ca.crt --cert /etc/kubernetes/pki/etcd/server.crt --key /etc/kubernetes/pki/etcd/server.key member list
75586071aa4f50d0, started, k8s-master, https://10.25.207.74:2380, https://10.25.207.74:2379, false
8beff87c2c833c9d, started, k8s-worker4, https://10.25.207.78:2380, https://10.25.207.78:2379, false
ae6c4d540db7935b, started, k8s-worker6, https://10.25.207.80:2380, https://10.25.207.80:2379, false
在容器中将这台服务器从 etcd 集群中移除
etcdctl --endpoints 127.0.0.1:2379 --cacert /etc/kubernetes/pki/etcd/ca.crt --cert /etc/kubernetes/pki/etcd/server.crt --key /etc/kubernetes/pki/etcd/server.key member remove ae6c4d540db7935b
重置本机k8环境 ( 变更主机执行)
kubeadm reset
新ip后更换hostname ( 变更主机执行)
export server=k8s-master3
hostnamectl --static set-hostname $server;hostnamectl --transient set-hostname $server
k8s master 获取证书 (master 主机执行)
# kubeadm init phase upload-certs --upload-certs
[upload-certs] Using certificate key:
cb7e8c0b643963eca9bcfa90d35390cc3de8d38398e0ea354e25311f380c86ea
# kubeadm token create --print-join-command
kubeadm join apiserver.k8s.com:6443 --token yu6jh8.g4xl2a3nbgr9jo52 --discovery-token-ca-cert-hash sha256:9fc7ce12374c9b1cc87b4acef89682d3a5bc57ccb48f04fa9e4693609e4bb46d
加入集群 ( 变更主机执行)
kubeadm join apiserver.k8s.com:6443 --token yu6jh8.g4xl2a3nbgr9jo52 \
--discovery-token-ca-cert-hash sha256:9fc7ce12374c9b1cc87b4acef89682d3a5bc57ccb48f04fa9e4693609e4bb46d \
--control-plane --certificate-key 5feca6f707cd03d4329a9fb4b598bd14ec886413dc41f1e06b81acf7ddd0ff8f \
--v=5
# mkdir -p $HOME/.kube
# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# chown $(id -u):$(id -g) $HOME/.kube/config
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 195d v1.17.1
k8s-master3 Ready master 40s v1.17.1
k8s-worker1 Ready <none> 195d v1.17.1
k8s-worker2 Ready <none> 195d v1.17.1
k8s-worker3 Ready <none> 182d v1.17.1
k8s-worker4 Ready master 182d v1.17.1
k8s-worker5 Ready <none> 182d v1.17.1
更换节点IP
删除节点
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 26d v1.17.1
k8s-master2 Ready master 26d v1.17.1
k8s-master3 Ready master 27d v1.17.1
k8s-worker1 Ready <none> 222d v1.17.1
k8s-worker2 Ready <none> 222d v1.17.1
k8s-worker3 Ready <none> 209d v1.17.1
k8s-worker5 Ready <none> 209d v1.17.1
删除节点
[root@k8s-master ~]# kubectl delete nodes k8s-worker5
node "k8s-worker5" deleted
[root@k8s-master ~]# kubectl delete nodes k8s-worker3
node "k8s-worker3" deleted
被删除节点上清除数据
ssh k8s-worker5
kubeadm reset
rm -rf /etc/cni/net.d
rm -rf $HOME/.kube/config
rm -rf /etc/kubernetes/
加入节点
kubeadm token create --print-join-command
kubeadm join apiserver.k8s.com:6443 --token of5d4s.jdr4bho8uhg0yjax --discovery-token-ca-cert-hash sha256:9fc7ce12374c9b1cc87b4acef89682d3a5bc57ccb48f04fa9e4693609e4bb46d