证书过期失效:
Unable to connect to the server: x509: certificate has expired or is not yet valid
更新证书:
1、查看证书是否过期
cd /etc/kubernetes/pki openssl x509 -in apiserver.crt -noout -text |grep ' Not ' # 查看是否过期 kubeadm alpha certs check-expiration #检查k8s环境证书是否过期
2、更新证书
(1) 备份一下 /etc /kubernetes /pki 目录下的所有文件
(2)更新证书
kubeadm alpha certs renew all
(3)查看证书有效期是否更新
openssl x509 -in apiserver.crt -noout -text |grep ' Not '
3、在master节点上将/etc/kubernetes目录下的所有配置文件备份
4、更新用户配置
kubeadm alpha kubeconfig user --client-name=admin kubeadm alpha kubeconfig user --org system:masters --client-name kubernetes-admin > /etc/kubernetes/admin.conf kubeadm alpha kubeconfig user --client-name system:kube-controller-manager > /etc/kubernetes/controller-manager.conf kubeadm alpha kubeconfig user --org system:nodes --client-name system:node:$(hostname) > /etc/kubernetes/kubelet.conf kubeadm alpha kubeconfig user --client-name system:kube-scheduler > /etc/kubernetes/scheduler.conf
5、用更新后的admin.conf替换/root/.kube/config文件
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
6、重启所有master节点(如果有多个master节点的话)上的apiserver、kube-controller-manager、k8s_etcd_etcd和scheduler四个系统组件
docker ps |grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd'|xargs docker restart
7、更新jenkins服务器adminconfig.conf配置(如果有jenkins发布的话)
修改jenkins的helm配置文件adminconfig.conf
环境变量
export KUBECONFIG=/opt/helm/kubeconfig/adminconfig.conf
kubernets 证书10年
https://mp.weixin.qq.com/s/PZMA8IMopxTJlV3R0fVPBg
https://blog.51cto.com/u_13963804/6055113
