容器技术 · 2023年12月7日 0

K8s重置etcd节点

一、前期准备

1、下载etcd

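# Download a standalone etcd/etcdctl build into /tmp/etcd-download.
# NOTE(review): pick the release that matches the etcd version the cluster
# is running — confirm before use.
ETCD_VER=v3.4.28

# choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GITHUB_URL}

ETCD_TARBALL="/tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz"

# Remove leftovers from an earlier run.
rm -f "${ETCD_TARBALL}"

# /tmp is world-writable and these binaries are later run as root with the
# etcd server key. Create the directory without -p so the step fails if the
# path reappeared after the rm, and keep it private to the current user.
# curl -f fails on an HTTP error instead of saving the error page as the
# tarball; each step only runs if the previous one succeeded.
rm -rf /tmp/etcd-download \
  && mkdir -m 700 /tmp/etcd-download \
  && curl -fL "${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz" -o "${ETCD_TARBALL}" \
  && sha256sum "${ETCD_TARBALL}" \
  && tar xzvf "${ETCD_TARBALL}" -C /tmp/etcd-download --strip-components=1
rm -f "${ETCD_TARBALL}"

# Compare the digest printed above with the SHA256SUMS file published with
# the etcd release before trusting the binaries below.
/tmp/etcd-download/etcd --version
/tmp/etcd-download/etcdctl version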

2、备份etcd,每个master节点都备份一下

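# Directory that holds the cluster certificates (kubeadm's default layout).
ETCD_PATH=/etc/kubernetes/pki
CACERT=$ETCD_PATH/etcd/ca.crt
CERT=$ETCD_PATH/etcd/server.crt
KEY=$ETCD_PATH/etcd/server.key

# Backup directory.
# An etcd snapshot holds every object in the cluster, including Secrets
# (plaintext unless encryption at rest is configured), so keep the directory
# readable by its owner only and treat copies of the file as sensitive.
BACKUP_DIR=/cloud/data1/backup/etcd
mkdir -p "${BACKUP_DIR}" && chmod 700 "${BACKUP_DIR}"

# etcd address on this host
ENDPOINTS=https://127.0.0.1:2379

ETCDCTL=/tmp/etcd-download/etcdctl

# Build the file name once so the same path can be verified afterwards.
SNAPSHOT="${BACKUP_DIR}/snapshot-$(date +%Y%m%d%H%M%S).db"

ETCDCTL_API=3 "${ETCDCTL}" \
  --cacert="${CACERT}" --cert="${CERT}" --key="${KEY}" \
  --endpoints="${ENDPOINTS}" \
  snapshot save "${SNAPSHOT}"

# Check that the snapshot is readable (hash, revision, key count, size)
# before any member is removed in the next section.
ETCDCTL_API=3 "${ETCDCTL}" snapshot status "${SNAPSHOT}" --write-out=table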

二、删除etcd节点,假设为node1

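# List the etcd members.
# Run this on a master that stays in the cluster: ENDPOINTS points at
# 127.0.0.1, so etcdctl talks to the etcd instance on the local machine.
# Uses ETCDCTL, ENDPOINTS, CACERT, CERT and KEY from the backup step.
ETCDCTL_API=3 "${ETCDCTL}" --cacert="${CACERT}" --cert="${CERT}" --key="${KEY}" \
  --endpoints="${ENDPOINTS}" member list

# Find the ID of the member to drop in the output above and remove it.
# xxxxxxxxxxx is a placeholder for that ID. Double-check it belongs to node1
# and that the remaining members are healthy: removing the wrong member, or
# removing one while another is down, can cost the cluster its quorum.
ETCDCTL_API=3 "${ETCDCTL}" --cacert="${CACERT}" --cert="${CERT}" --key="${KEY}" \
  --endpoints="${ENDPOINTS}" member remove xxxxxxxxxxx

# On a master: evict the workloads from node1, then delete the node object.
# --delete-emptydir-data discards emptyDir volumes of the evicted pods.
kubectl drain node1 --ignore-daemonsets --delete-emptydir-data && kubectl delete node node1

# On node1 only: wipe the local kubeadm state.
# This is destructive for the host it runs on; never run it on a master
# that is meant to stay in the cluster.
kubeadm reset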

三、重新加入etcd节点

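# On a master: re-upload the control-plane certificates and print a new
# certificate key. The key decrypts the uploaded certificates; kubeadm
# expires the upload after two hours.
kubeadm init phase upload-certs --upload-certs
# Print the node join command (creates a new bootstrap token).
kubeadm token create --print-join-command

# Copy the Kubernetes certificates from the master to node1.
# ca.key, sa.key, front-proxy-ca.key and etcd/ca.key are the cluster's root
# private keys: whoever holds them can issue credentials for any identity.
# Copy them only over a trusted channel and leave no stray copies behind.
# NOTE(review): with --control-plane --certificate-key, kubeadm join fetches
# this material from the uploaded certificates itself, so the manual copy is
# normally only needed when no certificate key is used — confirm which of
# the two paths you want.
# NOTE(review): after kubeadm reset the target directories on node1 may be
# missing and need to be created first — confirm.
# The && chain stops the copy if cd fails, so files are never taken from
# the wrong working directory.
cd /etc/kubernetes/pki/ \
  && scp ca.crt ca.key sa.key sa.pub front-proxy-ca.crt front-proxy-ca.key  node1:/etc/kubernetes/pki/ \
  && scp etcd/ca.crt etcd/ca.key node1:/etc/kubernetes/pki/etcd/

# Append --control-plane --certificate-key "<new cert key>" to the join
# command printed on the master, then run the result on node1.
# The address, token, hash and key below are sample values; use the output
# of the two kubeadm commands above. The real token and certificate key are
# secrets: together they let a machine join as a control-plane node. Keep
# them out of tickets and chat logs, and remove the token when the join is
# done (kubeadm token delete) instead of waiting for its TTL to lapse.
kubeadm join 10.10.71.202:6443 \
  --token jsw26o.geae3uv8i7omj05tp \
  --discovery-token-ca-cert-hash sha256:a373d62bfdfa7c617aweawgwefr3r23rwegceccbc838fb83c5e1c04c10c57be34e2810f81 \
  --control-plane \
  --certificate-key ere34t3trgerhgset54423423ser

# On a master: check that node1 has joined.
kubectl get nodes

# On a master: check the etcd pods.
kubectl get pod -A | grep etcd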