如果证书已经过期,如何进行重新签发证书
准备kubeadm.conf 配置文件一份
# vi /root/kubeadm.conf
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: v1.14.1
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
重新更新证书:
kubeadm alpha certs renew all --config=/root/kubeadm.conf
查看证书时间
openssl x509 -in /etc/kubernetes/pki/front-proxy-client.crt -noout -dates
备份配置文件
rm -rf /etc/kubernetes/*.conf
kubeadm init phase kubeconfig all --apiserver-advertise-address=192.168.3.149
更新客户端配置:
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
启用自动轮换kubelet 证书(未测试) 参考:https://www.cnblogs.com/skymyyang/p/11093686.html
修改kubeadm 1.14.x源码,调整证书过期时间 参考: https://www.cnblogs.com/skymyyang/p/11093686.html