k8s证书过期的解决方案

首先需要在linux中安装openssl,这点不多做赘述。
以下是命令,供各位参考:

openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ’ Not ’

mv /etc/kubernetes/ssl/{apiserver.crt,apiserver-kubelet-client.crt,front-proxy-ca.crt,front-proxy-client.crt,front-proxy-client.key,front-proxy-ca.key,apiserver-kubelet-client.key,apiserver.key} /tmp

kubeadm init phase certs all --config /etc/kubernetes/kubeadm-config.yaml

cd /etc/kubernetes/

mv {admin.conf,controller-manager.conf,kubelet.conf,scheduler.conf} /tmp

kubeadm init phase kubeconfig all --config /etc/kubernetes/kubeadm-config.yaml

cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

kubectl get apiservice

注意:证书更新后,需要重启master节点

注意:需要重启pod ,例如: kubectl delete po -n kube-system metrics-server-5d497bdd7d-tlzz7

然后再用openssl s_client -showcerts -connect 127.0.0.1:6443 -servername api 2>/dev/null | openssl x509 -noout -enddate 和 openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ’ Not ’ 看下是否更新日期了。

你可能感兴趣的:(kubernetes,linux,容器)