
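1. Adding a Node

After a cluster is initialized with kubeadm, it provides a token that nodes use to join.

For the Node configuration, see:

Deploying a highly available Kubernetes cluster with kubeadm on CentOS 7.5 (1.11.2, HA)

The default token is valid for 24 hours; once it expires, it can no longer be used.

Generate a new token:
## Generate a new token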
[root@ec-k8s-m1 ~]# kubeadm token create
nb3rlj.35gs34clwr66b9bl

[root@ec-k8s-m1 etc]# kubeadm token list
TOKEN                     TTL       EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
nb3rlj.35gs34clwr66b9bl   23h       2018-10-17T14:09:04+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token

Get the SHA-256 hash of the CA certificate:
## Get the SHA-256 hash of the CA certificate (computed over its DER-encoded public key)
[root@ec-k8s-m1 ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

f8b822b4cea0e94390f0dee4e3f51d16987ef1e7b3b1d930c2ea49fe2046c15a

Join the new node to the cluster:
## Join the new node to the cluster
[root@ec-k8s-n3 ~]# kubeadm join api.me:6443 --token nb3rlj.35gs34clwr66b9bl --discovery-token-ca-cert-hash sha256:f8b822b4cea0e94390f0dee4e3f51d16987ef1e7b3b1d930c2ea49fe2046c15a

[preflight] running pre-flight checks
I1016 14:09:50.167302    3081 kernel_validator.go:81] Validating kernel version
I1016 14:09:50.167393    3081 kernel_validator.go:96] Validating kernel config
	[WARNING SystemVerification]: docker version is greater than the most recently validated version. Docker version: 17.09.1-ce. Max validated version: 17.03
[discovery] Trying to connect to API Server "api.me:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://api.me:6443"
[discovery] Requesting info from "https://api.me:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "api.me:6443"
[discovery] Successfully established connection with API Server "api.me:6443"
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.11" ConfigMap in the kube-system namespace
[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[preflight] Activating the kubelet service
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "ec-k8s-n3" as an annotation

This node has joined the cluster:
* Certificate signing request was sent to master and a response
  was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the master to see this node join the cluster.
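
What the openssl pipeline above hashes, and therefore what `--discovery-token-ca-cert-hash` pins during the "[discovery]" steps, is the CA certificate's SubjectPublicKeyInfo. The following is an added example, not part of the original post: it walks the certificate's DER structure with the Python standard library only. The function names and the `SAMPLE_*` values are hypothetical, and the sample is a constructed certificate-shaped structure, not a real CA.

```python
import base64, hashlib, re

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, end)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def spki_from_cert(der):
    """Return the complete SubjectPublicKeyInfo element of a DER certificate."""
    tag, pos, _ = read_tlv(der, 0)       # Certificate ::= SEQUENCE
    tag2, pos, _ = read_tlv(der, pos)    # tbsCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not an X.509 certificate")
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                      # optional [0] version field
        pos = end
    for _ in range(5):                   # serialNumber, signature, issuer, validity, subject
        pos = read_tlv(der, pos)[2]
    tag, _, end = read_tlv(der, pos)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return der[pos:end]

def ca_cert_hash(pem):
    """Compute the --discovery-token-ca-cert-hash value from the PEM text of ca.crt."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(m.group(1).split()))
    return "sha256:" + hashlib.sha256(spki_from_cert(der)).hexdigest()

def tlv(tag, value):
    """Encode one DER element; used only to build the constructed sample below."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

# Constructed sample: certificate-shaped DER with placeholder fields, not a real CA.
SAMPLE_SPKI = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + bytes(range(200))))
SAMPLE_CERT = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
                  + tlv(0x30, b"") * 4 + SAMPLE_SPKI) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_CERT).decode() + "-----END CERTIFICATE-----\n"
```

Run against the text of /etc/kubernetes/pki/ca.crt on a master, `ca_cert_hash` should return `sha256:` followed by the same hex string the openssl pipeline prints, which lets you confirm a join command's pin before using it on a new node.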

2. Removing a Node

## get nodes
[root@ec-k8s-m1 ~]# kubectl get nodes
NAME        STATUS    ROLES     AGE       VERSION
ec-k8s-m1   Ready     master    18d       v1.11.2
ec-k8s-m2   Ready     master    18d       v1.11.2
ec-k8s-n1   Ready     <none>    18d       v1.11.2
ec-k8s-n2   Ready     <none>    18d       v1.11.2
ec-k8s-n3   Ready     <none>    3m        v1.11.2
## Run on the master node:
[root@ec-k8s-m1 ~]# kubectl drain ec-k8s-n3 --delete-local-data --force --ignore-daemonsets
node/ec-k8s-n3 cordoned
WARNING: Ignoring DaemonSet-managed pods: calico-node-fm76v, kube-proxy-zlpqk

[root@ec-k8s-m1 ~]# kubectl delete node ec-k8s-n3
node "ec-k8s-n3" deleted
## Run on ec-k8s-n3:
kubeadm reset