红帽全球峰会5.4. 正常重新引导节点
Windows Machine Config Operator (WMCO) 尽可能最小化节点重启。但是,某些操作和更新需要重新引导,以确保正确且安全地应用更改。要安全地重新引导 Windows 节点,请使用安全重启过程。有关安全重新引导标准 OpenShift Container Platform 节点的详情,请参考节点文档中的"正常引导节点"。
在重启节点前,建议备份 etcd 数据以避免该节点上出现数据丢失。
对于需要用户执行 oc login 命令而不是 kubeconfig 文件中的证书来管理集群的单节点 OpenShift 集群,oc adm 命令在封锁并排空节点后可能无法使用。这是因为 openshift-oauth-apiserver pod 没有运行,因为 cordon。您可以使用 SSH 访问节点,如以下步骤所示。
在单节点 OpenShift 集群中,在封锁和排空时无法重新调度 Pod。但是,这样做会为 pod(特别是您的工作负载 pod)提供一定的时间来正确停止和释放相关资源。
流程
执行节点正常重启:
将节点标记为不可调度:
oc adm cordon <node1>
$ oc adm cordon <node1>Copy to Clipboard Copied! Toggle word wrap Toggle overflow 排空节点以删除所有正在运行的 pod:
oc adm drain <node1> --ignore-daemonsets --delete-emptydir-data --force
$ oc adm drain <node1> --ignore-daemonsets --delete-emptydir-data --forceCopy to Clipboard Copied! Toggle word wrap Toggle overflow 您可能会收到与自定义 pod 中断预算(PDB)关联的 pod 无法被驱除的错误。
错误示例
error when evicting pods/"rails-postgresql-example-1-72v2w" -n "rails" (will retry after 5s): Cannot evict pod as it would violate the pod's disruption budget.
error when evicting pods/"rails-postgresql-example-1-72v2w" -n "rails" (will retry after 5s): Cannot evict pod as it would violate the pod's disruption budget.Copy to Clipboard Copied! Toggle word wrap Toggle overflow 在这种情况下,再次运行 drain 命令,添加
disable-eviction标记,这将绕过 PDB 检查:oc adm drain <node1> --ignore-daemonsets --delete-emptydir-data --force --disable-eviction
$ oc adm drain <node1> --ignore-daemonsets --delete-emptydir-data --force --disable-evictionCopy to Clipboard Copied! Toggle word wrap Toggle overflow SSH 到 Windows 节点,并运行以下命令来输入 PowerShell:
powershell
C:\> powershellCopy to Clipboard Copied! Toggle word wrap Toggle overflow 运行以下命令重启节点:
Restart-Computer -Force
C:\> Restart-Computer -ForceCopy to Clipboard Copied! Toggle word wrap Toggle overflow Amazon Web Services (AWS) 上的 Windows 节点不会因为 EC2 实例元数据路由和主机网络服务(HNS)网络不一致而在安全重启后返回
READY状态。重启后,通过 SSH 到 AWS 上的任何 Windows 节点,并在 shell 提示符中运行以下命令来添加路由:
route add 169.254.169.254 mask 255.255.255.0 <gateway_ip>
C:\> route add 169.254.169.254 mask 255.255.255.0 <gateway_ip>Copy to Clipboard Copied! Toggle word wrap Toggle overflow 其中:
169.254.169.254- 指定 EC2 实例元数据端点的地址。
255.255.255.255- 指定 EC2 实例元数据端点的网络掩码。
<gateway_ip>运行以下命令,在 Windows 实例中指定网关的对应 IP 地址,您可以找到该地址:
ipconfig | findstr /C:"Default Gateway"
C:\> ipconfig | findstr /C:"Default Gateway"Copy to Clipboard Copied! Toggle word wrap Toggle overflow
重启完成后,运行以下命令将节点标记为可以调度:
oc adm uncordon <node1>
$ oc adm uncordon <node1>Copy to Clipboard Copied! Toggle word wrap Toggle overflow 验证节点是否已就绪:
oc get node <node1>
$ oc get node <node1>Copy to Clipboard Copied! Toggle word wrap Toggle overflow 输出示例
NAME STATUS ROLES AGE VERSION <node1> Ready worker 6d22h v1.18.3+b0068a8
NAME STATUS ROLES AGE VERSION <node1> Ready worker 6d22h v1.18.3+b0068a8Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}