kubeadm 安装kubernetes kube-api证书过期解决方案
kubeadm 安装kubernetes kube-api证书过期解决方案problem describectionUnable to connect to the server: x509: certificate has expired or is not yet valid解决方案#查看证书过期时间openssl x509 -in /etc/kubernetes/pki/ap...
·
kubeadm 安装kubernetes kube-api证书过期解决方案
problem describection
Unable to connect to the server: x509: certificate has expired or is not yet valid
解决方案
#查看证书过期时间
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not '
在其中一台master节点上生成新的证书
备份
cp /etc/kubernetes/ /etc/kubernetes-bak
创建证书
#删除旧的证书
rm rf pki/apiserver* pki/front-proxy-client.* admin.conf admin.conf controller-manager.conf scheduler.conf
kubeadm alpha phase certs apiserver --config config.yml
kubeadm alpha phase certs apiserver-kubelet-client
kubeadm alpha phase certs front-proxy-client
生成配置文件
kubeadm alpha phase kubeconfig all --config config.yml
重启kube-apiserver kube-controller kube-scheduler kubelet
docker restart `docker ps | grep kube-apiserver | awk '{ print $1 }'`
docker restart `docker ps | grep kube-scheduler | awk '{ print $1 }'`
docker restart `docker ps | grep kube-controller | awk '{ print $1 }'`
systemctl restart kubelet
复制admin.conf
cp /etc/kubenetes/admin.conf /root/.kube/config
另外几台master配置
备份
cp /etc/kubernetes/ /etc/kubernetes-bak
复制证书
scp /etc/kubernetes/pki/* 10.110.156.63:/etc/kubernetes/pki/
scp admin.conf kubelet.conf controller-manager.conf scheduler.conf 10.110.156.63:/etc/kubernetes/
这样就OK 了
参考文章
https://blog.csdn.net/ywq935/article/details/88355832
更多推荐
已为社区贡献3条内容
所有评论(0)