K8S多master节点更换证书
以下命令master节点均需要执行
1.备份
cp -a /etc/kubernetes{,.bak}
cp -a /var/lib/kubelet{,.bak}
cp -a /var/lib/etcd /var/lib/etcd.bak
2.生成kubeadm-config
kubectl -n kube-system get cm kubeadm-config -o yaml > kubeadm-config-20240521.yaml
3.刷新证书到期时间再续一年
kubeadm certs renew all --config=./kubeadm.yaml
4.初始化配置文件
rm -rf /etc/kubernetes/*.conf
kubeadm init phase kubeconfig all --config=kubeadm.yaml
5.更新配置
echo 'yes'|cp -i /etc/kubernetes/admin.conf .kube/config
chown $(id -u):$(id -g) .kube/config
6.删除组件pod,否则证书还是用的旧的#此条命令在一个master节点上执行就可以了
kubectl -n kube-system delete po -l 'component=kube-apiserver'
kubectl -n kube-system delete po -l 'component=kube-controller-manager'
kubectl -n kube-system delete po -l 'component=kube-scheduler'
kubectl -n kube-system delete po -l 'component=etcd'
7.重启kubelet.service
systemctl restart kubelet.service
也可借鉴此文章进行更新:https://www.zhihu.com/question/585519314