解决 k8s 环境证书过期的问题

本次环境 1.18.6

1、查询是否过期

openssl x509 -in apiserver.crt -noout -text |grep ' Not '

2、查看证书 是否过期

 kubeadm alpha certs check-expiration

3、备份 pki

cd /etc/kubernetes

cp -r pki/ pki_back/

4、 更新所有证书

kubeadm alpha certs renew all

5、 备份 /etc/kubernetes

cp -r kubernetes/ kubernetes_back/

6、更新配置

kubeadm alpha kubeconfig user --client-name=admin
kubeadm alpha kubeconfig user --org system:masters --client-name kubernetes-admin  > /etc/kubernetes/admin.conf
kubeadm alpha kubeconfig user --client-name system:kube-controller-manager > /etc/kubernetes/controller-manager.conf
kubeadm alpha kubeconfig user --org system:nodes --client-name system:node:$(hostname) > /etc/kubernetes/kubelet.conf
kubeadm alpha kubeconfig user --client-name system:kube-scheduler > /etc/kubernetes/scheduler.conf

cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

7、 重启 k8s 基础服务

 docker ps |grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' |xargs docker restart