
Renewing certificates on a kubeadm-deployed Kubernetes 1.29 cluster

1. Check the certificate expiration dates

kubeadm certs check-expiration

Before renewing the certificates:

[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Mar 29, 2025 09:55 UTC   362d            ca                      no
apiserver                  Mar 29, 2025 09:55 UTC   362d            ca                      no
apiserver-etcd-client      Mar 29, 2025 09:55 UTC   362d            etcd-ca                 no
apiserver-kubelet-client   Mar 29, 2025 09:55 UTC   362d            ca                      no
controller-manager.conf    Mar 29, 2025 09:55 UTC   362d            ca                      no
etcd-healthcheck-client    Mar 29, 2025 09:55 UTC   362d            etcd-ca                 no
etcd-peer                  Mar 29, 2025 09:55 UTC   362d            etcd-ca                 no
etcd-server                Mar 29, 2025 09:55 UTC   362d            etcd-ca                 no
front-proxy-client         Mar 29, 2025 09:55 UTC   362d            front-proxy-ca          no
scheduler.conf             Mar 29, 2025 09:55 UTC   362d            ca                      no
super-admin.conf           Mar 29, 2025 09:55 UTC   362d            ca                      no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Mar 27, 2034 09:55 UTC   9y              no
etcd-ca                 Mar 27, 2034 09:55 UTC   9y              no
front-proxy-ca          Mar 27, 2034 09:55 UTC   9y              no

After renewing the certificates:

[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Apr 01, 2025 06:50 UTC   364d            ca                      no
apiserver                  Apr 01, 2025 06:50 UTC   364d            ca                      no
apiserver-etcd-client      Apr 01, 2025 06:50 UTC   364d            etcd-ca                 no
apiserver-kubelet-client   Apr 01, 2025 06:50 UTC   364d            ca                      no
controller-manager.conf    Apr 01, 2025 06:50 UTC   364d            ca                      no
etcd-healthcheck-client    Apr 01, 2025 06:50 UTC   364d            etcd-ca                 no
etcd-peer                  Apr 01, 2025 06:50 UTC   364d            etcd-ca                 no
etcd-server                Apr 01, 2025 06:50 UTC   364d            etcd-ca                 no
front-proxy-client         Apr 01, 2025 06:50 UTC   364d            front-proxy-ca          no
scheduler.conf             Apr 01, 2025 06:50 UTC   364d            ca                      no
super-admin.conf           Apr 01, 2025 06:50 UTC   364d            ca                      no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Mar 27, 2034 09:55 UTC   9y              no
etcd-ca                 Mar 27, 2034 09:55 UTC   9y              no
front-proxy-ca          Mar 27, 2034 09:55 UTC   9y              no

2. Back up (on every machine, back up whichever of these directories it has)

cp -rp /etc/kubernetes /etc/kubernetes.bak
cp -rp /var/lib/etcd /var/lib/etcd.bak
cp -a ~/.kube ~/.kube_bak

3. Regenerate the certificates; this command does not require deleting the expired certificates first (run on all master nodes)

kubeadm certs renew all

4. Check the certificate validity period again

openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text | grep 'Not'
Not Before: Mar 29 09:50:37 2024 GMT
Not After : Apr  1 06:50:43 2025 GMT

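5. Restart the four control-plane components so they load the renewed certificates (on all masters; the command below assumes the containers are run by Docker)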

docker ps | grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' | xargs docker restart

6. Update the user's kubeconfig credentials (on all masters)

cp /etc/kubernetes/admin.conf ~/.kube/config

7. Restart kubelet on all nodes

systemctl restart kubelet

8. Check the kubelet status to confirm it restarted successfully

systemctl status kubelet

9. Check the component status

kubectl get cs
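
As an added example (not part of the original post), the shell function below parses the `kubeadm certs check-expiration` table shown in step 1 and lists every certificate whose RESIDUAL TIME is below a threshold in days, so the check can be scheduled before a certificate lapses. The names `expiring_certs` and `sample_output`, the constructed sample rows, and the treatment of `<invalid>` and sub-day values are assumptions of this example.

```shell
#!/bin/sh
# Added example: list certificates from `kubeadm certs check-expiration`
# output whose RESIDUAL TIME is below a threshold given in days.
# Real use:  kubeadm certs check-expiration | expiring_certs 30

# expiring_certs DAYS  -- reads the check-expiration table on stdin.
expiring_certs() {
    awk -v limit="$1" '
        # Table rows have an expiry of the form "Mon DD, YYYY HH:MM UTC",
        # so field 6 is "UTC" and field 7 is the residual time. Header
        # lines, "[check-expiration]" lines and blank lines are skipped.
        $6 != "UTC" { next }
        {
            r = $7
            n = r + 0                       # numeric prefix, e.g. 362 from "362d"
            unit = substr(r, length(r))     # last character is the unit
            if (r !~ /^[0-9]+[ydhms]$/)     # assumed: "<invalid>" marks an expired cert
                days = -1
            else if (unit == "y")
                days = n * 365
            else if (unit == "d")
                days = n
            else                            # hours, minutes or seconds left
                days = 0
            if (days < limit) print $1
        }'
}

# Constructed sample: the layout follows the output in step 1, but the
# residual times are made up to exercise each branch.
sample_output() {
    cat <<'EOF'
[check-expiration] Reading configuration from the cluster...

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Mar 29, 2025 09:55 UTC   362d            ca                      no
apiserver                  Mar 29, 2025 09:55 UTC   12d             ca                      no
etcd-peer                  Mar 29, 2025 09:55 UTC   <invalid>       etcd-ca                 no
scheduler.conf             Mar 29, 2025 09:55 UTC   23h             ca                      no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Mar 27, 2034 09:55 UTC   9y              no
EOF
}

# Demo on the constructed sample: certificates with under 30 days left.
sample_output | expiring_certs 30
```

Any name it prints needs `kubeadm certs renew` followed by the restarts in steps 5 to 7; an empty result means every certificate and CA in the table is above the threshold.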