java系统找不到指定文件怎么解决
290
2022-09-12
k8s更新证书记录
k8s更新证书记录
手动更新证书 由 kubeadm 生成的客户端证书默认只有一年有效期,我们可以通过 check-expiration 命令来检查证书是否过期:kubeadm alpha certs check-expiration备份原来的证书mkdir /etc/kubernetes.bakcp -r /etc/kubernetes/pki/ /etc/kubernetes.bakcp /etc/kubernetes/*.conf /etc/kubernetes.bak备份 etcd 数据目录:cp -r /var/lib/etcd /var/lib/etcd.bak接下来执行更新证书的命令:kubeadm alpha certs renew all --config=kubeadm.yamlkubeadm alpha certs renew all --config=kubeadm.yamlcertificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewedcertificate for serving the Kubernetes API renewedcertificate the apiserver uses to access etcd renewedcertificate for the API server to connect to kubelet renewedcertificate embedded in the kubeconfig file for the controller manager to use renewedcertificate for liveness probes to healthcheck etcd renewedcertificate for etcd nodes to communicate with each other renewedcertificate for serving etcd renewedcertificate for the front proxy client renewedcertificate embedded in the kubeconfig file for the scheduler manager to use renewed通过上面的命令证书就一键更新完成了,这个时候查看上面的证书可以看到过期时间已经是一年后的时间了:kubeadm alpha certs check-expiration然后记得更新下 kubeconfig 文件:kubeadm init phase kubeconfig all --config kubeadm.yaml[kubeconfig] Using kubeconfig folder "/etc/kubernetes"[kubeconfig] Using existing kubeconfig file: "/etc/kubernetes/admin.conf"[kubeconfig] Using existing kubeconfig file: "/etc/kubernetes/kubelet.conf"[kubeconfig] Using existing kubeconfig file: "/etc/kubernetes/controller-manager.conf"[kubeconfig] Using existing kubeconfig file: "/etc/kubernetes/scheduler.conf"将新生成的 admin 配置文件覆盖掉原本的 admin 文件:mv $HOME/.kube/config $HOME/.kube/config.oldcp -i /etc/kubernetes/admin.conf $HOME/.kube/configchown $(id -u):$(id -g) $HOME/.kube/config在三台Master上执行重启kube-apiserver、kube-controller、kube-scheduler、etcd这4个容器,以便使证书生效。docker ps |grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' |xargs docker restart
版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。
相关文章
发表评论
暂时没有评论,来抢沙发吧~