k8s更換過期證書

首先查看當前證書到期時間

for item in `find /etc/kubernetes/pki -maxdepth 2 -name "*.crt"`;do openssl x509 -in $item -text -noout| grep Not;echo ======================$item===================;done

備份過期證書

• 備份證書

cp -rp /etc/kubernetes /etc/kubernetes.bak

生成配置文件

kubeadm config view > /tmp/cluster.yaml

更新新證書

• 生成新證書

kubeadm alpha certs renew all --config=/tmp/cluster.yaml

重啓相關服務

docker ps |grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' |xargs docker restart

查看證書到期時間

for item in `find /etc/kubernetes/pki -maxdepth 2 -name "*.crt"`;do openssl x509 -in $item -text -noout| grep Not;echo ======================$item===============;done

覆蓋配置文件

rm -rf /root/.kube/
mkdir /root/.kube/
cp -i /etc/kubernetes/admin.conf /root/.kube/config

驗證

kubectl get no