Kubeadm安装的kubernetes集群证书过期问题处理

1

Unable to connect to the server: x509: certificate has expired or is not yet valid

1

[docker@k8s-77-53 kubernetes]$ openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not ' #查看过期时间命令

1
2
3
4
5
6
7

[docker@k8s-77-53 kubernetes]$ kubeadm config view > kubeadm.yaml #将kubeadm配置写入 kubeadm.yaml文件 此命令在证书过期后应该不能用  所以直接写配置文件
[docker@k8s-77-53 kubernetes]$ vim kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: v1.13.1 #-->这里改成你集群对应的版本
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
[docker@k8s-77-53 kubernetes]$ kubeadm alpha certs renew all --config kubeadm.yaml #重新生成证书

1
2
3
4
5
6
7
8

[docker@k8s-77-53 kubernetes]$ mkdir conf_bak
[docker@k8s-77-53 kubernetes]$ mv *.conf conf_bak #要将配置移走  要不然不会生成新的
[docker@k8s-77-53 kubernetes]$ kubeadm init phase kubeconfig all --config kubeadm.yaml
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file

1
2

[docker@k8s-77-53 kubernetes]$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[docker@k8s-77-53 kubernetes]$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

1

[docker@k8s-77-53 kubernetes]$ sudo systemctl restart kubelet

1
2
3

[root@k8s-77-53 ~]# cd /var/lib/kubelet/pki
[root@k8s-77-53 pki]# rm -rf *
[root@k8s-77-53 pki]# systemctl restart kubelet