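When the cluster was first created, the apiserver certificate may have been issued with only a single IP. As the cluster later needs high availability and stability, master IPs have to be added or a master has to be migrated, and at that point the apiserver certificate must be re-issued.

Export the kubeadm configuration file

```bash
kubectl -n kube-system get configmap kubeadm-config -o jsonpath='{.data.ClusterConfiguration}' > kubeadm-initconfig.yaml
```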
Edit the file and add the master IPs; if any master has changed, update the file contents accordingly

```yaml
apiServer:
  certSANs:
  - 192.168.1.100
  - 192.168.1.101
  - 192.168.1.102
  - 192.168.1.103
  - 192.168.1.104
  - 192.168.1.105
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: 192.168.1.100:6443
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.28.2
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}
```
...
```bash
kubeadm init phase certs all --config kubeadm-initconfig.yaml
```

If there are multiple masters, copy the certificates generated on this master to the other master nodes, replacing the existing certificates on those nodes
...
```bash
kubeadm init phase upload-config kubeadm --config kubeadm-initconfig.yaml
```

Update the kubeconfig file

```bash
kubeadm init phase kubeconfig admin --kubeconfig-dir=/etc/kubernetes/
```
Check the updated configmap

```bash
kubectl -n kube-system get configmap kubeadm-config -o yaml
```
...
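To confirm that the re-issued certificate really carries every address listed under `certSANs`, the check below compares the config file with the certificate's Subject Alternative Name extension. It is an added example, not part of the original page; the function names are illustrative, and the comparison is an exact string match, so it covers DNS names and IPv4 addresses as used in the config above.

```shell
#!/bin/sh
# Added example: compare certSANs in the kubeadm config with the SANs that
# are actually present in the apiserver certificate. Function names are
# illustrative and are not part of kubeadm.

# Print the entries listed under apiServer.certSANs in a ClusterConfiguration.
config_sans() {
  awk '
    /^[ \t]*certSANs:[ \t]*$/ { in_list = 1; next }
    in_list && /^[ \t]*-[ \t]*/ {
      sub(/^[ \t]*-[ \t]*/, ""); gsub(/[ \t\r"]/, ""); print; next
    }
    in_list { in_list = 0 }
  ' "$1"
}

# Read `openssl x509 -noout -ext subjectAltName` output on stdin and print
# one SAN value per line (DNS names and IP addresses only).
cert_sans() {
  tr ',' '\n' | sed -n -e 's/^ *DNS://p' -e 's/^ *IP Address://p'
}

# missing_sans <config.yaml> <openssl SAN text>
# Prints every configured SAN that the certificate lacks; returns 1 if any.
missing_sans() {
  have=$(printf '%s\n' "$2" | cert_sans)
  rc=0
  for want in $(config_sans "$1"); do
    if ! printf '%s\n' "$have" | grep -Fxq -- "$want"; then
      echo "$want"
      rc=1
    fi
  done
  return $rc
}

# Usage on a control-plane node (OpenSSL 1.1.1+ for -ext):
#   missing_sans kubeadm-initconfig.yaml \
#     "$(openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -ext subjectAltName)"
```

If the check still reports missing entries after the certificate step, note that kubeadm reuses an `apiserver.crt`/`apiserver.key` pair already present in the certificates directory rather than overwriting it. Run the same check on every master that received copied certificates.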