https://my.oschina.net/u/3390908/blog/1649764
删除所有节点的boot证书
[root@lab1 ~]# rm -rf /etc/kubernetes/kubelet.conf
[root@lab1 ~]# rm -rf /etc/kubernetes/pki/kubelet*
停掉node节点的kubelet
[root@lab3 ~]# systemctl stop kubelet
重启所有节点的kubelet,
[root@lab1 ~]# systemctl restart kubelet
获取csr
[root@lab1 ~]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-W8jDxg0LEZZw6U8V1WudhEBRP0qt4ybPSJ-P8XfDzlo 7s kubelet-bootstrap Pending
node-csr-rgnoMPuDdtvfoogsY_zbf1R3KMU_B8M8cBv75AHw8fE 10s kubelet-bootstrap Pending
node-csr-vO6qQvzlI974qUHXVpPu6kMP4eBfKMcBECwqY7xWYu4 17s kubelet-bootstrap Pending
通过证书请求
[root@lab1 ~]# kubectl certificate approve node-csr-W8jDxg0LEZZw6U8V1WudhEBRP0qt4ybPSJ-P8XfDzlo
[root@lab1 ~]# kubectl certificate approve node-csr-rgnoMPuDdtvfoogsY_zbf1R3KMU_B8M8cBv75AHw8fE
[root@lab1 ~]# kubectl certificate approve node-csr-vO6qQvzlI974qUHXVpPu6kMP4eBfKMcBECwqY7xWYu4
设置集群角色
# 设置 lab1 为 master
kubectl label nodes 10.1.1.8 node-role.kubernetes.io/master=
# 设置 lab2 lab3 为 node
kubectl label nodes 10.1.1.68 node-role.kubernetes.io/node=
kubectl label nodes 10.1.1.111 node-role.kubernetes.io/node=
# 设置 master 一般情况下不接受负载
kubectl taint nodes 10.1.1.8 node-role.kubernetes.io/master=true:NoSchedule
# 查看节点
# 此时节点状态为 NotReady
kubectl get no
[root@lab1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
lab1 Ready <none> 15m v1.11.0
lab2 Ready <none> 14m v1.11.0
lab3 Ready <none> 14m v1.11.0
6、实在不行从新配置下三个节点的kubelet