K8S多master节点更换证书

以下命令master节点均需要执行

1.备份

cp -a /etc/kubernetes{,.bak}
cp -a /var/lib/kubelet{,.bak}
cp -a /var/lib/etcd /var/lib/etcd.bak

2.生成kubeadm-config

kubectl -n kube-system get cm kubeadm-config -o yaml > kubeadm-config-20240521.yaml

3.刷新证书到期时间再续一年

kubeadm certs renew all --config=./kubeadm.yaml

4.初始化配置文件

rm -rf /etc/kubernetes/*.conf
kubeadm init phase  kubeconfig all --config=kubeadm.yaml

5.更新配置

echo 'yes'|cp -i /etc/kubernetes/admin.conf .kube/config
chown $(id -u):$(id -g) .kube/config

6.删除组件pod,否则证书还是用的旧的#此条命令在一个master节点上执行就可以了

kubectl -n kube-system delete po -l 'component=kube-apiserver'
kubectl -n kube-system delete po -l 'component=kube-controller-manager'
kubectl -n kube-system delete po -l 'component=kube-scheduler'
kubectl -n kube-system delete po -l 'component=etcd'

7.重启kubelet.service

systemctl restart kubelet.service

也可借鉴此文章进行更新:https://www.zhihu.com/question/585519314

posted @ 2024-05-21 11:14  caibutou  阅读(159)  评论(0编辑  收藏  举报