Kubernetes 13.5 更新证书(已验证)
2020-03-30 本文已影响0人
济南打工人
1、备份证书,配置文件
登陆k8s master,执行如下命令(3个master):
cp -r /etc/kubernetes /etc/kubernetes_bak
2、重新生成证书
在其中一台master,执行以下命令:
root@k8s-m1:/etc/kubernetes# kubeadm alpha certs renew all
I0324 10:55:23.271047 31943 version.go:94] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://storage.googleapis.com/kubernetes-release/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I0324 10:55:23.271114 31943 version.go:95] falling back to the local client version: v1.13.5
I0324 10:55:24.635145 31943 version.go:237] remote version is much newer: v1.17.4; falling back to: stable-1.13
I0324 10:55:26.683333 31943 version.go:237] remote version is much newer: v1.17.4; falling back to: stable-1.13
I0324 10:55:38.152096 31943 version.go:94] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://storage.googleapis.com/kubernetes-release/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I0324 10:55:38.152131 31943 version.go:95] falling back to the local client version: v1.13.5
couldn't load etcd/ca certificate authority from /etc/kubernetes/pki
查看证书到期时间,已变为1年以后
图片.png
3、重新生成对应的配置文件
root@k8s-m1:/etc/kubernetes# kubeadm init phase kubeconfig all
I0324 10:58:59.226772 406 version.go:237] remote version is much newer: v1.17.4; falling back to: stable-1.13
I0324 10:59:09.227053 406 version.go:94] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.13.txt": Get https://storage.googleapis.com/kubernetes-release/release/stable-1.13.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I0324 10:59:09.227123 406 version.go:95] falling back to the local client version: v1.13.5
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
4、拷贝证书到其他master,生成对应的配置文件
scp -r /etc/kubernetes/kpi user@IP:/etc/kubernetes/pki
kubeadm init phase kubeconfig all
5、重启docker 和 kubelet服务(3个master)
sudo systemctl restart docker; sudo systemctl restart kubelet
6、拷贝kubectl 客户端文件
root@k8s-m1:/etc/kubernetes# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
cp: overwrite '/root/.kube/config'? y
