当K8s集群的证书过期后,集群将无法正常使用。现象如下:
[root@k8s-master ~]# kubectl get pods -A
The connection to the server 192.168.223.201:6443 was refused - did you specify the right host or port?
[root@k8s-master ~]# kubectl get nodes
The connection to the server 192.168.223.201:6443 was refused - did you specify the right host or port?
通过 kubeadm certs check-expiration 命令检查证书的过期时间,发现相关组件的认证证书都已过期。
[root@k8s-master ~]# kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[check-expiration] Error reading configuration from the Cluster. Falling back to default configuration
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.con