下面操作都是在 master 中執行
查看當前證書到期時間
for item in `find /etc/kubernetes/pki -maxdepth 2 -name "*.crt"`;do openssl x509 -in $item -text -noout| grep Not;echo ======================$item===================;done
備份證書
cp -rp /etc/kubernetes /etc/kubernetes.bak
生成配置文件
kubeadm config view > /tmp/cluster.yaml
更新新證書
kubeadm alpha certs renew all --config=/tmp/cluster.yaml
重啟相關服務
docker ps |grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' |xargs docker restart
查看新證書到期時間
for item in `find /etc/kubernetes/pki -maxdepth 2 -name "*.crt"`;do openssl x509 -in $item -text -noout| grep Not;echo ======================$item===============;done
更新配置文件
mv /root/.kube /root/.kube_20210107
mkdir /root/.kube/
cp -i /etc/kubernetes/admin.conf /root/.kube/config
檢查
kubectl get node
參考:https://blog.csdn.net/qq_33235529/article/details/106053919