Kubernetes-生产维护

目录

• 添加新的Node节点
• 宿主机维护

---

添加新的Node节点

• 添加Node节点

kubeadm join --token [TOKEN] 10.3.14.193:6443 --discovery-token-ca-cert-hash sha256:[SHA256]

• TOKEN获取

kubeadm token list
#: 每个token只有24小时的有效期，如果没有有效的token，可以使用如下命令创建
kubeadm token create

• SHA256加密字符串

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

• 示例

kubeadm join 10.250.101.60:6443 --token dh2qiz.dx4zqwyc3d3vywpu \
--discovery-token-ca-cert-hash sha256:c7d2044ddae029968d3aa0f1045b641667589bca330b0d2965ce74521881d722

宿主机维护

• Node节点标记为污点

trnuser@k8s:~$ kubectl describe nodes k8s
Name:               k8s
Roles:              master
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=k8s
                    kubernetes.io/os=linux
                    node-role.kubernetes.io/master=
Annotations:        kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
                    node.alpha.kubernetes.io/ttl: 0
                    projectcalico.org/IPv4Address: 10.250.101.60/24
                    projectcalico.org/IPv4IPIPTunnelAddr: 10.244.77.0
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Tue, 23 Feb 2021 14:31:39 +0800
Taints:             node-role.kubernetes.io/master:NoSchedule  ##污点

• 污点标记

kubectl cordon node1

• 去除污点

kubectl uncordon node1

• 驱逐pod

kubectl drain node1
注：会删除本地pod，无法删除daemonsets
kubectl drain node1 --ignore-daemonsets --delete-local-data