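# Dump each certificate in human-readable form (-text) without the PEM body
# (-noout) to inspect subject, SANs, issuer and the validity window.
# The original ran the four commands on one line and listed kubernetes.pem
# twice; the duplicate is dropped here.
# NOTE(review): the second kubernetes.pem may have been a typo for another
# cert file (e.g. a controller-manager or scheduler cert) — confirm.
for cert in kubernetes.pem etcd.pem kube-proxy.pem; do
  if [ ! -r "$cert" ]; then
    printf 'cannot read certificate file: %s\n' "$cert" >&2
    continue
  fi
  openssl x509 -in "$cert" -text -noout
done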
查看所有證書
[root@master ~]# kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Mar 05, 2023 10:53 UTC   364d            ca                      no
apiserver                  Mar 05, 2023 10:53 UTC   364d            ca                      no
apiserver-etcd-client      Mar 05, 2023 10:53 UTC   364d            etcd-ca                 no
apiserver-kubelet-client   Mar 05, 2023 10:53 UTC   364d            ca                      no
controller-manager.conf    Mar 05, 2023 10:53 UTC   364d            ca                      no
etcd-healthcheck-client    Mar 05, 2023 10:53 UTC   364d            etcd-ca                 no
etcd-peer                  Mar 05, 2023 10:53 UTC   364d            etcd-ca                 no
etcd-server                Mar 05, 2023 10:53 UTC   364d            etcd-ca                 no
front-proxy-client         Mar 05, 2023 10:53 UTC   364d            front-proxy-ca          no
scheduler.conf             Mar 05, 2023 10:53 UTC   364d            ca                      no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Mar 02, 2032 10:53 UTC   9y              no
etcd-ca                 Mar 02, 2032 10:53 UTC   9y              no
front-proxy-ca          Mar 02, 2032 10:53 UTC   9y              no
更新證書操作
手動導出集群配置(證書還未過期)
# Write kubeadm's default Init/ClusterConfiguration to a file that the
# later `kubeadm certs renew --config` step reads.
# NOTE(review): "init-defaults" suggests this prints built-in defaults, not
# the running cluster's settings; compare it with
# `kubectl -n kube-system get cm kubeadm-config -o yaml` (the command the
# check-expiration output above points at) before relying on it.
kubeadm config print init-defaults >kube-config.yaml
如果證書過期了, 在當前目錄下編輯配置文件kube-config.yaml
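# Minimal ClusterConfiguration consumed by `kubeadm certs renew --config`.
# Re-flowed to one key per line: the original paste had all four keys on a
# single line, which YAML parses as one long `apiVersion` string.
# NOTE(review): the apiVersion must be one the installed kubeadm accepts;
# take it from the `kubeadm config print init-defaults` output rather than
# hand-writing it — v1beta1 is an early kubeadm config API version.
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
# NOTE(review): v1.19.7 here vs `--kubernetes-version v1.23.4` in the
# kubelet kubeconfig step further down — confirm which the cluster runs.
kubernetesVersion: v1.19.7
# Control-plane images are pulled from a third-party mirror; make sure this
# registry is trusted and reachable from every control-plane node.
imageRepository: registry.aliyuncs.com/google_containers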
備份原有的證書文件
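# Back up the control-plane PKI (CA keys plus serving/client certs) before
# renewing anything.  -a keeps modes, owners and timestamps so the private
# keys in the copy stay as restrictive as the originals; the existence
# check stops `cp -r` from silently nesting a second copy inside an older
# backup directory.
pki_backup=/etc/kubernetes/pki_backup
if [ -e "$pki_backup" ]; then
  printf 'backup target already exists, refusing to overwrite: %s\n' "$pki_backup" >&2
  exit 1
fi
cp -a -- /etc/kubernetes/pki "$pki_backup"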
更新證書
# Renew every kubeadm-managed certificate (the set listed by
# `kubeadm certs check-expiration`) using the config exported above.
# NOTE(review): renewal issues new certificates but does not invalidate the
# previous ones, which remain usable until their own expiry — treat the
# backup copies of the old keys accordingly.
kubeadm certs renew all --config kube-config.yaml
覆蓋.kube/config文件
# Swap in the freshly renewed admin kubeconfig.  The previous file is kept
# as config.old for rollback; -i makes cp ask before clobbering a target.
mv -- /root/.kube/config /root/.kube/config.old
cp -i -- /etc/kubernetes/admin.conf /root/.kube/config
# NOTE(review): config.old still embeds the previous cluster-admin client
# certificate, which renewal does not revoke; remove it once the new
# config is verified to work.
注意 kubelet.conf 需要重新生成, 否則重啟 kubelet 會有問題
# kubelet.conf is not regenerated by the `certs renew all` step above, so
# recreate it here and bounce kubelet to pick up the new client credential.
mv -- /etc/kubernetes/kubelet.conf /etc/kubernetes/kubelet.conf.old
# NOTE(review): without --config this phase falls back to kubeadm defaults
# for the API endpoint and cert dir; --kubernetes-version v1.23.4 also
# differs from the v1.19.7 in kube-config.yaml — confirm both against the
# cluster before running.
kubeadm init phase kubeconfig kubelet --kubernetes-version v1.23.4
systemctl restart kubelet
systemctl status kubelet
重啟 etcd、scheduler、controller-manager、apiserver
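# Restart the static-pod control-plane containers so they reload the
# renewed certificates.  The original piped `docker ps` through grep in
# backticks, which matches any column (image name included) and, when
# nothing matches, runs `docker restart` with no arguments; a name filter
# plus an empty-result check avoids both.
# NOTE(review): this assumes Docker is the container runtime; on a
# containerd-based node `docker ps` lists nothing — use crictl instead.
for component in etcd kube-apiserver kube-controller kube-scheduler; do
  ids=$(docker ps -q --filter "name=${component}")
  if [ -z "$ids" ]; then
    printf 'no running container matching %s\n' "$component" >&2
    continue
  fi
  # shellcheck disable=SC2086 -- one container id per word is intended
  docker restart $ids
done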
kubeadm 下載源碼
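# Fetch the kubeadm source tree (it lives in the main kubernetes repo).
# `cd` and `git clone` were collapsed onto one line in the original, which
# makes `cd` fail with "too many arguments"; chaining with && also keeps
# the clone from landing in the wrong directory when /data is missing.
# NOTE(review): clone the tag matching the installed kubeadm version, e.g.
# `--branch <kubeadm-version-tag>`, so the patched build matches the cluster.
cd /data && git clone https://github.com/kubernetes/kubernetes.git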
修改 kubeadm 源碼中的證書更新策略
更新 kubeadm
# Keep the currently installed kubeadm binary next to itself so the
# original can be restored if the rebuilt one misbehaves.
cp -- /usr/bin/kubeadm /usr/bin/kubeadm.old
備份各個節點pki
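# Back up the node's PKI directory before regenerating certificates.  -a
# keeps modes, owners and timestamps so the copied private keys stay as
# restrictive as the originals; the existence check stops `cp -r` from
# silently nesting a second copy inside an older backup directory.
# NOTE(review): an earlier step on this page names the backup pki_backup,
# this one pki.old — pick one convention so rollback is unambiguous.
pki_old=/etc/kubernetes/pki.old
if [ -e "$pki_old" ]; then
  printf 'backup target already exists, refusing to overwrite: %s\n' "$pki_old" >&2
  exit 1
fi
cp -a -- /etc/kubernetes/pki "$pki_old"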
重新生成證書
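# Renew all certificates with the rebuilt kubeadm.  The original line ran
# `kubeadmin`, which is not the binary's name — every other step on this
# page invokes `kubeadm`.  The config path is left exactly as given.
# NOTE(review): `kubeadm alpha certs renew` is the pre-1.20 spelling of the
# command; newer releases use `kubeadm certs renew` as in the earlier step —
# use whichever form the rebuilt binary accepts.
kubeadm alpha certs renew all --config=/usr/local/install-k8s/core/kubeadmin-config.yaml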