1、打開kube-apiserver的配置文件查看證書所在路徑
kube-apiserver.conf
2、使用cfssl-certinfo查看
[root@k8s-node1 ssl]# cfssl-certinfo -cert server.pem { "subject": { "common_name": "kubernetes", "country": "CN", "organization": "k8s", "organizational_unit": "System", "locality": "BeiJing", "province": "BeiJing", "names": [ "CN", "BeiJing", "BeiJing", "k8s", "System", "kubernetes" ] }, "issuer": { "common_name": "kubernetes", "country": "CN", "organization": "k8s", "organizational_unit": "System", "locality": "Beijing", "province": "Beijing", "names": [ "CN", "Beijing", "Beijing", "k8s", "System", "kubernetes" ] }, "serial_number": "624327459644422284005575554556871372314308893395", "sans": [ "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local", "10.0.0.1", "127.0.0.1", "10.0.0.1", "192.168.56.11", "192.168.56.12", "192.168.56.13" ], "not_before": "2020-03-30T08:42:00Z", "not_after": "2030-03-28T08:42:00Z",此處便是證書到期時間2030年3月28日
3、查看CA證書
[root@k8s-node1 ssl]# cfssl-certinfo -cert ca.pem { "subject": { "common_name": "kubernetes", "country": "CN", "organization": "k8s", "organizational_unit": "System", "locality": "Beijing", "province": "Beijing", "names": [ "CN", "Beijing", "Beijing", "k8s", "System", "kubernetes" ] }, "issuer": { "common_name": "kubernetes", "country": "CN", "organization": "k8s", "organizational_unit": "System", "locality": "Beijing", "province": "Beijing", "names": [ "CN", "Beijing", "Beijing", "k8s", "System", "kubernetes" ] }, "serial_number": "259013161977081759746876367274801379630605153819", "not_before": "2020-03-30T08:42:00Z", "not_after": "2025-03-29T08:42:00Z",
當集群證書已過期時,通過kubectl或api接口調用的方式與集群apiserver的通訊都將被禁止,集群中的服務進程會不可用。