首先查看當前證書到期時間
for item in `find /etc/kubernetes/pki -maxdepth 2 -name "*.crt"`;do openssl x509 -in $item -text -noout| grep Not;echo ======================$item===================;done
備份過期證書
cp -rp /etc/kubernetes /etc/kubernetes.bak
生成配置文件
kubeadm config view > /tmp/cluster.yaml
更新新證書
kubeadm alpha certs renew all --config=/tmp/cluster.yaml
重啓相關服務
docker ps |grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' |xargs docker restart
查看證書到期時間
for item in `find /etc/kubernetes/pki -maxdepth 2 -name "*.crt"`;do openssl x509 -in $item -text -noout| grep Not;echo ======================$item===============;done
覆蓋配置文件
rm -rf /root/.kube/
mkdir /root/.kube/
cp -i /etc/kubernetes/admin.conf /root/.kube/config
驗證
kubectl get no