How to Change IP on Kubernetes node.

In this tutorial I will show you how you can change th IP of the Kubernetes Nodes and Workers.

On a Kubernetes cluster ther is a component called kube-apiserver. The kube-apiserver need to know the ip address on which to advertise the apiserver (--apiserver-advertise-address) to members of the cluster. At the kubeadm init there is a phase when the kubeadm generate self-signed certificate for the apiserver valid for the node ips and the ip of the loadbalancer if configures (--control-plane-endpoint). If the ip of the node or the loadbalancer (this is the external ip in a cloud environment) change the certificate is no longer valid for that and the kubectl won’t connect.

The soulution is to reinit the kubernetes cluster with the new ip and keeping the data of the etcd. The kubernetes keep all the objects and states in the etcd database.

Backup the data on the master

systemctl stop kubelet docker

mv /etc/kubernetes /etc/kubernetes-backup
mv /var/lib/kubelet /var/lib/kubelet-backup

Preper for the new Cluster

Create the new folderstructure and restore the needed certificates.

mkdir /etc/kubernetes
cp -r /etc/kubernetes-backup/pki /etc/kubernetes
rm -f /etc/kubernetes/pki/{apiserver.*,etcd/peer.*}
rm -f ~/.kube/config

Now we can reinit control plane node with data in etcd using command below.

systemctl start docker

echo 'KUBELET_EXTRA_ARGS="--node-ip="' > /etc/sysconfig/kubelet

# add --kubernetes-version, --pod-network-cidr and --token options if needed
kubeadm init --control-plane-endpoint "" --apiserver-advertise-address "" \

cp kubernetes/admin.conf ~/.kube/config

# Verify resutl
kubectl cluster-info

# wait for some time and delete old node
sleep 120
kubectl get nodes --sort-by=.metadata.creationTimestamp
kubectl delete node $(kubectl get nodes -o jsonpath='{.items[?(@.status.conditions[0].status=="Unknown")]}')

Now reset the worker to kubernete cluster and change the ip in the config.

kubeadm reset

echo 'KUBELET_EXTRA_ARGS="--node-ip="' > /etc/sysconfig/kubelet

Get the join token from the master and use this on the workers to rejoin to the master.

kubeadm token create --print-join-command