...
| Code Block |
|---|
kubeadm certs check-expiration 或者一些老版本命令 kubeadm alpha certs renew all |
更新证书更新证书,每个master都要操作
| Code Block |
|---|
kubeadm certs renew all |
重启master节点的组件(一个一个节点来)
| Code Block |
|---|
systemctl restart kubelet mkdir /tmp/kubernetes mv /etc/kubernetes/manifests/*.yaml /tmp/kubernetes/ && sleep 5 && 60 mv /tmp/kubernetes/*.yaml /etc/kubernetes/manifests/ |
...
| Code Block |
|---|
kubeadm init phase kubeconfig admin --kubeconfig-dir=/etc/kubernetes/ |
-----------------------------------------------------------------------------------------------------------------------------------
如果k8s集群已过期,apiserver无法连接的情况下
以下操作须在所有 master 节点上执行
移除 apiserver 证书 (/etc/kubernetes 目录下操作)
| Code Block |
|---|
mv /etc/kubernetes/pki/apiserver.crt /etc/kubernetes/apiserver.crt-bak mv /etc/kubernetes/pki/apiserver.key /etc/kubernetes/apiserver.key-bak |
重新生成apiserver的证书
| Code Block |
|---|
kubeadm init phase certs apiserver --config kubeadm-config.yaml |
重启apiserver
更新kubeadm-config
| Code Block |
|---|
kubeadm init phase upload-config kubeadm --config kubeadm-config.yaml |