重置csr
重置csr
注意:下面操作仅在刚安装k8s后24小时内有效 分析:kubelet启动后会生成如下文件。kubelet.conf文件决定了csr的存在,如果要想重新获取csr,可以停掉kubelet,删除kubelet.conf文件,重启kubelet就可以获得csr ls -l /etc/kubernetes/kubelet.conf ls -l /etc/kubernetes/pki/kubelet* [root@test2 ~]# ls -l /etc/kubernetes/kubelet.conf -rw------- 1 root root 2295 Jan 22 10:07 /etc/kubernetes/kubelet.conf [root@test2 ~]# ls -l /etc/kubernetes/pki/kubelet* -rw------- 1 root root 1273 Jan 22 10:07 /etc/kubernetes/pki/kubelet-client-2019-01-22-10-07-06.pem lrwxrwxrwx 1 root root 58 Jan 22 10:07 /etc/kubernetes/pki/kubelet-client-current.pem -> /etc/kubernetes/pki/kubelet-client-2019-01-22-10-07-06.pem -rw-r--r-- 1 root root 2181 Jan 22 02:10 /etc/kubernetes/pki/kubelet.crt -rw------- 1 root root 1675 Jan 22 02:10 /etc/kubernetes/pki/kubelet.key 查看目前所有csr [root@test1 ~]# kubectl get csr NAME AGE REQUESTOR CONDITION node-csr-462w6AWPUkqlTnmKUT1gs6orq6WqBWaTO1XndyRA5co 55m kubelet-bootstrap Approved,Issued node-csr-in1KxGY-YMGu_CMY1Psl_1ZYx4kMDPwNkBuFP5_OXZY 28m kubelet-bootstrap Approved,Issued 删除node1节点csr [root@test1 ~]# kubectl delete csr node-csr-in1KxGY-YMGu_CMY1Psl_1ZYx4kMDPwNkBuFP5_OXZY certificatesigningrequest.certificates.k8s.io "node-csr-in1KxGY-YMGu_CMY1Psl_1ZYx4kMDPwNkBuFP5_OXZY" deleted [root@test1 ~]# kubectl get csr NAME AGE REQUESTOR CONDITION node-csr-462w6AWPUkqlTnmKUT1gs6orq6WqBWaTO1XndyRA5co 57m kubelet-bootstrap Approved,Issued 停掉该节点的kubelet [root@lab3 ~]# systemctl stop kubelet 删除该节点的kubelet.conf文件 [root@lab1 ~]# rm -rf /etc/kubernetes/kubelet.conf 重启该节点的kubelet [root@lab1 ~]# systemctl restart kubelet 查看csr [root@test1 kubernetes]# kubectl get csr NAME AGE REQUESTOR CONDITION node-csr-462w6AWPUkqlTnmKUT1gs6orq6WqBWaTO1XndyRA5co 1h kubelet-bootstrap Approved,Issued node-csr-in1KxGY-YMGu_CMY1Psl_1ZYx4kMDPwNkBuFP5_OXZY 25s kubelet-bootstrap Pending 参照文档: https://my.oschina.net/u/3390908/blog/1649764