前言:
kubeadm安裝的k8s集群有一個證書問題,證書的有效期為一年,過期的話kubectl命令就會異常。解決辦法如下:
查看證書是否有效:
sudo openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not ' 輸出: Not Before: May 24 03:32:37 2019 GMT Not After : May 23 03:32:38 2020 GMT
在當前目錄下編輯配置文件kubeadm.conf並寫入以下內容:
apiVersion: kubeadm.k8s.io/v1beta1 kind: ClusterConfiguration kubernetesVersion: v1.13.3 imageRepository: my.registry:5000/google_containers
更新證書命令:
kubeadm alpha certs renew all --config kubeadm.conf sudo openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not ' 輸出: Not Before: May 24 03:32:37 2019 GMT Not After : Aug 15 09:43:03 2020 GMT
重新生成配置文件:
mv /etc/kubernetes/*.conf ~/. kubeadm init phase kubeconfig all --config kubeadm.conf
更新.kube下的配置文件:
mv $HOME/.kube/config $HOME/.kube/config.old sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
重啟kube-apiserver,kube-controller,kube-scheduler,etcd這4個容器:
docker ps | grep -v pause | grep -E "etcd|scheduler|controller|apiserver" | awk '{print $1}' | awk '{print "docker","restart",$1}' | bash
以上步驟實測可用,僅限於1.13.3單節點集群。