k8s kubeadm 1.20.15 证书更新

获取kubeadm 版本号

kubeadm version

kubeadm version: &version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.15", GitCommit:"8f1e5bf0b9729a899b8df86249b56e2c74aebc55", GitTreeState:"clean", BuildDate:"2022-01-19T17:26:37Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}

查看apiserver证书

cd /etc/kubernetes/pki && openssl x509 -in apiserver.crt -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2741309662955592628 (0x260b169d47d05bb4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=kubernetes
        Validity
            Not Before: Mar  8 12:25:05 2022 GMT
            Not After : Mar  8 12:25:05 2023 GMT

2022/3/8 到 2023/3/8 一年有效

更新证书： 找到安装的kubeadm-config.yaml文件

备份证书：cp -r /etc/kubernetes/pki/ /etc/kubernetes/pki.old

执行证书更新命令

kubeadm alpha certs renew all --config=/root/kubeadm-config.yaml

Command "all" is deprecated, please use the same command under "kubeadm certs"
certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed

再次查看证书

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8420588759439972080 (0x74dbf0dcce1116f0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=kubernetes
        Validity
            Not Before: Mar  8 12:25:05 2022 GMT
            Not After : Mar 10 02:26:13 2023 GMT

证书失效日期为当前日加一年