kubernetes 1.14版本证书过期

kubernetes 1.15版本之后，官方文档有证书过期方式
但是1.14版本及以前的，更新证书经常出现问题，现在整理一下

1 查看证书过期时间

find /etc/kubernetes/pki -name "*.crt"|xargs -I{} openssl x509 -in {} -noout -dates|grep notAfter

2 备份证书

cp -r /etc/kubernetes /etc/kubernetes.bak

3 更新证书
3.1 更新证书

kubeadm config view  > cluster.yaml
kubeadm alpha certs renew all --config cluster.yaml

kubeadm alpha kubeconfig user --client-name=admin
kubeadm alpha kubeconfig user --org system:masters --client-name kubernetes-admin  > /etc/kubernetes/admin.conf
kubeadm alpha kubeconfig user --client-name system:kube-controller-manager > /etc/kubernetes/controller-manager.conf
kubeadm alpha kubeconfig user --org system:nodes --client-name system:node:$(hostname) > /etc/kubernetes/kubelet.conf
kubeadm alpha kubeconfig user --client-name system:kube-scheduler > /etc/kubernetes/scheduler.conf 

3.2 copy证书

mv ~/.kube ~/.kube.bak
mkdir ~/.kube
cp /etc/kubernetes/admin.conf ~/.kube/config

3.3 重启apiserver容器

docker restart $(docker ps | grep kube-apiserver | grep pause |awk '{print $1}')
docker restart $(docker ps | grep kube-apiserver | grep -v pause |awk '{print $1}')
systemctl restart kubelet.service

证书更新成功

4 如果是多台master
需要在每个master上面执行上面的步骤