K8S 证书过期时间查询
#脚本方法
#/bin/bash
for item in `find /etc/kubernetes/pki -maxdepth 2 -name "*.crt"`;
echo ======================$item===================;
do openssl x509 -in $item -text -noout| grep Not;
done
# 指令方法
[root@qtxian-k8s-master-1 ~]# kubeadm alpha certs check-expiration
备份过期证书
mkdir -p /etc/kubernetes.bak/pki
cp -rp /etc/kubernetes/pki /etc/kubernetes.bak/pki
续订全部证书
[root@qtxian-k8s-master-1 ~]# kubeadm alpha certs renew all
[root@qtxian-k8s-master-1 ~]# kubeadm alpha certs renew all
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed