设为首页收藏本站
开启辅助访问

k8s查看证书期限

 您所在的位置:网站首页 怎么看签证有没有过期 k8s查看证书期限

k8s查看证书期限

2024-07-16 17:02| 来源: 网络整理| 查看: 265

 

openssl x509 -in kubernetes.pem -text -noout openssl x509 -in etcd.pem -text -noout openssl x509 -in kubernetes.pem -text -noout openssl x509 -in kube-proxy.pem -text -noout

 

查看所有证书

 

[root@master ~]# kubeadm certs check-expiration [check-expiration] Reading configuration from the cluster... [check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml' CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED admin.conf Mar 05, 2023 10:53 UTC 364d ca no apiserver Mar 05, 2023 10:53 UTC 364d ca no apiserver-etcd-client Mar 05, 2023 10:53 UTC 364d etcd-ca no apiserver-kubelet-client Mar 05, 2023 10:53 UTC 364d ca no controller-manager.conf Mar 05, 2023 10:53 UTC 364d ca no etcd-healthcheck-client Mar 05, 2023 10:53 UTC 364d etcd-ca no etcd-peer Mar 05, 2023 10:53 UTC 364d etcd-ca no etcd-server Mar 05, 2023 10:53 UTC 364d etcd-ca no front-proxy-client Mar 05, 2023 10:53 UTC 364d front-proxy-ca no scheduler.conf Mar 05, 2023 10:53 UTC 364d ca no CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED ca Mar 02, 2032 10:53 UTC 9y no etcd-ca Mar 02, 2032 10:53 UTC 9y no front-proxy-ca Mar 02, 2032 10:53 UTC 9y no

 

更新证书操作

手动导出集群配置(证书还未过期)

 kubeadm config print init-defaults > kube-config.yaml

 

如果证书过期了, 在当前目录下编辑配置文件kube-config.yaml

apiVersion: kubeadm.k8s.io/v1beta1 kind: ClusterConfiguration kubernetesVersion: v1.19.7 imageRepository: registry.aliyuncs.com/google_containers

 

备份原有的证书文件

cp -r /etc/kubernetes/pki /etc/kubernetes/pki_backup

 

更新证书

kubeadm certs renew all --config=kube-config.yaml

 

覆盖.kube/config文件

mv /root/.kube/config /root/.kube/config.old cp -i /etc/kubernetes/admin.conf /root/.kube/config

 

注意kubelet.conf 需要重新生产, 否则重启kubelet会有问题

mv /etc/kubernetes/kubelet.conf /etc/kubernetes/kubelet.conf.old kubeadm  init  phase  kubeconfig  kubelet --kubernetes-version v1.23.4 systemctl restart kubelet systemctl status kubelet

 

重启 etcd scheduler control apiserver

docker restart `docker ps | grep etcd | awk '{print $1}'` docker restart `docker ps | grep kube-apiserver| awk '{print $1}'` docker restart `docker ps | grep kube-controller | awk '{print $1}'` docker restart `docker ps | grep kube-scheduler | awk '{print $1}'`

 

 

 

kubeadmin 下载源码

cd /data git clone https://github.com/kubernetes/kubernetes.git

 

修改kubeadmin 源码包更新证书策略

 

 

更新kubeadmin

cp /usr/bin/kubeadm /usr/bin/kubeadm.old

 

备份各个节点pki

cp -r /etc/kubernetes/pki /etc/kubernetes/pki.old

 

 

重新生成证书

kubeadmin alpha certs renew all --config=/usr/local/install-k8s/core/kubeadmin-config.yaml

 



【本文地址】


今日新闻

推荐新闻

CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3