https://www.cnblogs.com/justmine/p/11314843.htmlkubeadm alpha certs check-expirationopenssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ‘ Not ‘可以使用命令openssl x509 -in [证书全路径] -noout -text查看证书详情。
检查过期
新版本(1.15+):kubeadm certs check-expiration
或
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not '
其他同理
新版本(1.15+):kubeadm certs check-expiration
或
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not '
其他同理
证书备份
cp -rp /etc/kubernetes /etc/kubernetes.bak重新生成证书
老版本:kubeadm alpha certs renew all
或
新版本(1.15+):kubeadm certs renew all 使用该命令不用提前删除过期证书重新生成配置文件
mv /etc/kubernetes/*.conf /tmp/
老版本:kubeadm alpha phase kubeconfig all
或
新版本(1.15+):kubeadm init phase kubeconfig all
# 更新kubectl配置
cp /etc/kubernetes/admin.conf ~/.kube/config重启kubelet
systemctl restart kubelet证书过期时间确认
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not '
其他同理集群确认
crictl config runtime-endpoint unix:///var/run/containerd/containerd.sockcrictl ps |grep -E 'kube-apiserver|kube-controller-manager|kube-scheduler|etcd_etcd' | awk -F ' ' '{print $1}' |xargs crictl stopdocker ps | grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' | xargs docker restart