检查有效期
kubeadm certs check-expiration 或者一些老版本命令 kubeadm alpha certs renew all |
更新证书,每个master都要操作
kubeadm certs renew all |
重启master节点的组件(一个一个节点来)
systemctl restart kubelet mkdir /tmp/kubernetes mv /etc/kubernetes/manifests/*.yaml /tmp/kubernetes/ sleep 60 mv /tmp/kubernetes/*.yaml /etc/kubernetes/manifests/ |
最后检查证书时间
kubeadm certs check-expiration |
更新kubeconfig文件
kubeadm init phase kubeconfig admin --kubeconfig-dir=/etc/kubernetes/ |
-----------------------------------------------------------------------------------------------------------------------------------
以下操作须在所有 master 节点上执行
移除 apiserver 证书 (/etc/kubernetes 目录下操作)
mv /etc/kubernetes/pki/apiserver.crt /etc/kubernetes/apiserver.crt-bak mv /etc/kubernetes/pki/apiserver.key /etc/kubernetes/apiserver.key-bak |
重新生成apiserver的证书
kubeadm init phase certs apiserver --config kubeadm-config.yaml |
重启apiserver
更新kubeadm-config
kubeadm init phase upload-config kubeadm --config kubeadm-config.yaml |