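Background
Approach
Problem encountered:
After KubeSphere was installed in the cluster, the CR generated by kubeadm was overwritten by KubeSphere's ks-install, so the usual method found online (export the kubeadm configuration file, add the IP, and re-apply it to the cluster) no longer works.
Solution:
According to the documentation (RTFM), the --apiserver-cert-extra-sans parameter solves this.
Implementation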
root@k8s-master01:/etc/kubernetes/pki
openssl x509 -in apiserver.crt -noout -text
X509v3 Subject Alternative Name:
DNS:k8s-master01, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, IP Address:10.96.0.1, IP Address:10.17.3.154,
The cluster no longer has any kubeadm-related resources
root@k8s-master01:~
root@k8s-master01:~
clusterconfigurations cc installer.kubesphere.io/v1alpha1 true ClusterConfiguration
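The APIVERSION field in this output should belong to kubeadm, but it has been overwritten by KubeSphere
First move the existing certificate out of the way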
mkdir -pv /tmp/api-certs;mv /etc/kubernetes/pki/apiserver.{crt,key} /tmp/api-certs/
kubeadm init phase certs apiserver --apiserver-cert-extra-sans "10.17.3.79"
Verify
root@k8s-master01:~
X509v3 Subject Alternative Name:
DNS:k8s-master01, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, IP Address:10.96.0.1, IP Address:10.17.3.154, IP Address:10.17.3.79
Delete the apiserver pod and wait for it to be recreated automatically, which restarts it
kubectl delete pod kube-apiserver-k8s-master01 -n kube-system
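An added example, not part of the original post: an exact-match SAN check that can be run against both the certificate file on disk and the certificate the listener actually serves. The function names are hypothetical, and port 6443 in the example call is the kubeadm default, assumed here.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print one SAN per line from `openssl x509 -noout -text` output on stdin.
list_sans() {
  awk '/X509v3 Subject Alternative Name/ { getline; print; exit }' |
    tr ',' '\n' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# missing_sans SAN...: read openssl text on stdin, print every wanted entry
# that is absent, return 1 if any is missing. Matching is whole-line and
# literal (grep -xF), so "IP Address:10.17.3.7" is not satisfied by
# "IP Address:10.17.3.79".
missing_sans() {
  _have=$(list_sans)
  _rc=0
  for _want in "$@"; do
    printf '%s\n' "$_have" | grep -qxF -- "$_want" ||
      { printf '%s\n' "$_want"; _rc=1; }
  done
  return "$_rc"
}

# Certificate text from the file on disk, or from what a listener serves.
cert_text_from_file() { openssl x509 -in "$1" -noout -text; }
cert_text_from_server() {
  openssl s_client -connect "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -text
}

# check_sans SOURCE SAN...: SOURCE is a PEM file path or host:port.
check_sans() {
  _src=$1; shift
  if [ -f "$_src" ]; then cert_text_from_file "$_src"
  else cert_text_from_server "$_src"; fi | missing_sans "$@"
}

# Constructed sample: abridged SAN lines as shown in the post after regeneration.
SAMPLE_AFTER='        X509v3 Subject Alternative Name:
            DNS:k8s-master01, DNS:kubernetes, IP Address:10.96.0.1, IP Address:10.17.3.154, IP Address:10.17.3.79'

# Example calls on the control-plane node (6443 is an assumed default port):
#   check_sans /etc/kubernetes/pki/apiserver.crt "IP Address:10.17.3.79"
#   check_sans 10.17.3.154:6443 "IP Address:10.17.3.79"
```

Running the check against the listener as well as the file confirms that the running apiserver is serving the regenerated certificate before any node joins through the LB address.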
On the LB, configure the listening port, the backend server group, and the backend server group's service port
kubeadm join 10.17.3.79:43 --token 3y1wwy.ga3xxvjvh --discovery-token-ca-cert-hash sha256:624d766924e944ece611574aec334xx8d2f5 --node-name=10.17.3.42 --control-plane --certificate-key 2aecf278f5a16e244a707xxx028dbd13be22b84a7c1 --v=9
Verify
root@k8s-master01:~
10.17.3.42 Ready control-plane 5d21h v1.30.3 10.17.3.42 <none> Ubuntu 18.04.3 LTS 4.15.0-70-generic containerd://1.7.20
reference
https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/
https:///weixin_44070095/article/details/1254708