I. Back up the certificates and configuration files
Back up the certificates
sudo mv /etc/kubernetes/pki/apiserver.key /etc/kubernetes/pki/apiserver.key.old
sudo mv /etc/kubernetes/pki/apiserver.crt /etc/kubernetes/pki/apiserver.crt.old
sudo mv /etc/kubernetes/pki/apiserver-kubelet-client.crt /etc/kubernetes/pki/apiserver-kubelet-client.crt.old
sudo mv /etc/kubernetes/pki/apiserver-kubelet-client.key /etc/kubernetes/pki/apiserver-kubelet-client.key.old
sudo mv /etc/kubernetes/pki/front-proxy-client.crt /etc/kubernetes/pki/front-proxy-client.crt.old
sudo mv /etc/kubernetes/pki/front-proxy-client.key /etc/kubernetes/pki/front-proxy-client.key.old
# The CA and service-account key pairs stay in place, so these lines are commented out
#sudo mv /etc/kubernetes/pki/ca.crt /etc/kubernetes/pki/ca.crt.old
#sudo mv /etc/kubernetes/pki/ca.key /etc/kubernetes/pki/ca.key.old
#sudo mv /etc/kubernetes/pki/sa.crt /etc/kubernetes/pki/sa.crt.old
#sudo mv /etc/kubernetes/pki/sa.key /etc/kubernetes/pki/sa.key.old
# Back up the configuration files
sudo mv /etc/kubernetes/admin.conf /etc/kubernetes/admin.conf.old
sudo mv /etc/kubernetes/kubelet.conf /etc/kubernetes/kubelet.conf.old
sudo mv /etc/kubernetes/controller-manager.conf /etc/kubernetes/controller-manager.conf.old
sudo mv /etc/kubernetes/scheduler.conf /etc/kubernetes/scheduler.conf.old
II. Generate new certificates and configuration files
(The default validity is 1 year.)
Link: https://pan.baidu.com/s/1ZlU4veH4Nh_lKpNhUp5qIg Extraction code: fqdj
The files on the network drive were compiled from the Kubernetes 1.11.10 source code with the certificate validity changed to 100 years (build tools: goland 1.11.10 + lideide 36). Extract them directly with tar xf kubeadm-src-100.tar.gz -C /. The main changes are shown in the figure below:
The script is as follows (replace the values in the configuration file to match your environment; this example uses 1.11.5):
cat > /tmp/kubeadm-conf.yaml <<EOF
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
networking:
  podSubnet: 192.169.0.0/16
  serviceSubnet: 10.96.0.0/12
etcd:
  endpoints:
  - http://192.168.0.100:2379
#token: 67e411.zc3617bb21ad7ee3
kubernetesVersion: v1.11.5
api:
  advertiseAddress: 192.168.0.100
EOF
#sudo kubeadm alpha phase certs ca --config /tmp/kubeadm-conf.yaml
#sudo kubeadm alpha phase certs sa --config /tmp/kubeadm-conf.yaml
sudo kubeadm alpha phase certs apiserver --config /tmp/kubeadm-conf.yaml
sudo kubeadm alpha phase certs apiserver-kubelet-client --config /tmp/kubeadm-conf.yaml
sudo kubeadm alpha phase certs front-proxy-client --config /tmp/kubeadm-conf.yaml
sudo kubeadm alpha phase kubeconfig all --config /tmp/kubeadm-conf.yaml
III. Check the certificate validity dates
openssl x509 -in /etc/kubernetes/pki/front-proxy-client.crt -noout -dates
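The command above inspects a single file. As an added example (not part of the original post), the shell functions below report the expiry of every certificate under the kubeadm directory, including the client certificates embedded as base64 client-certificate-data in the kubeconfig files regenerated in part II. The function names, the output format and the 30-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# 30-day default threshold are assumptions.
# Usage: check_k8s_certs [kubeadm_dir] [warn_days]

# Read one PEM certificate on stdin; print "STATUS<TAB>notAfter<TAB>source".
report_cert() {
  local name="$1" days="$2" pem end status=OK
  pem=$(cat)
  end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
  if [ -z "$end" ]; then
    printf 'UNREADABLE\t-\t%s\n' "$name"
    return 1
  fi
  # -checkend exits non-zero if the certificate expires within N seconds
  printf '%s\n' "$pem" | openssl x509 -noout -checkend "$((days * 86400))" \
    >/dev/null 2>&1 || status=EXPIRING
  printf '%s\t%s\t%s\n' "$status" "$end" "$name"
  [ "$status" = OK ]
}

# Returns 0 only if every certificate found is valid beyond warn_days.
check_k8s_certs() {
  local dir="${1:-/etc/kubernetes}" days="${2:-30}" rc=0 f
  # Certificate files moved aside and regenerated in parts I and II
  for f in "$dir"/pki/*.crt "$dir"/pki/etcd/*.crt; do
    [ -f "$f" ] || continue
    report_cert "$f" "$days" < "$f" || rc=1
  done
  # kubeconfig files that embed the client certificate as base64
  for f in "$dir"/*.conf; do
    [ -f "$f" ] || continue
    grep -q 'client-certificate-data:' "$f" || continue
    awk '/client-certificate-data:/ {print $2; exit}' "$f" | base64 -d |
      report_cert "$f (client cert)" "$days" || rc=1
  done
  return "$rc"
}
```

Run check_k8s_certs /etc/kubernetes 30 on the master after part II; a non-zero exit status means at least one certificate is unreadable or expires within the threshold.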
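IV. Update the worker nodes
1. On the master, create a new token. Run this once even if the token was created without an expiry time.
kubeadm token create --config=/tmp/kubeadm-conf.yaml
2. Delete all files under /var/lib/kubelet/pki/
3. Replace the token in /etc/kubernetes/bootstrap-kubelet.conf (the part in the red box) with the token value created above
4. Restart the kubelet service: systemctl restart kubelet
5. Check whether it succeeded: ls /var/lib/kubelet/pki/ (see the figure above)
Note:
It is recommended to run kubeadm init directly with the modified files.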