You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Current »

检查有效期

kubeadm certs check-expiration
或者一些老版本命令  kubeadm alpha certs renew all

更新证书

kubeadm certs renew all

重启master节点的组件(一个一个节点来)

systemctl restart kubelet
mkdir /tmp/kubernetes
mv /etc/kubernetes/manifests/*.yaml /tmp/kubernetes/
sleep 60
mv /tmp/kubernetes/*.yaml /etc/kubernetes/manifests/

最后检查证书时间

kubeadm certs check-expiration

更新kubeconfig文件

kubeadm init phase kubeconfig admin --kubeconfig-dir=/etc/kubernetes/

-----------------------------------------------------------------------------------------------------------------------------------

如果k8s集群已过期,apiserver无法连接的情况下

以下操作须在所有 master 节点上执行
移除 apiserver 证书 (/etc/kubernetes 目录下操作)

mv /etc/kubernetes/pki/apiserver.crt /etc/kubernetes/apiserver.crt-bak
mv /etc/kubernetes/pki/apiserver.key /etc/kubernetes/apiserver.key-bak

重新生成apiserver的证书

kubeadm init phase certs apiserver --config kubeadm-config.yaml

重启apiserver

更新kubeadm-config

kubeadm init phase upload-config kubeadm --config kubeadm-config.yaml
  • No labels