RKE 集群证书轮换 (local 集群和业务集群通用)

最新推荐文章于 2024-04-16 10:00:54 发布

均衡教派.

最新推荐文章于 2024-04-16 10:00:54 发布

阅读量928

点赞数

分类专栏： kubernetes 文章标签： kubernetes

本文链接：https://blog.csdn.net/qq_36961626/article/details/123612272

版权

kubernetes 专栏收录该内容

16 篇文章 2 订阅

订阅专栏

1.轮换 CA 和所有服务证书

2.批量更新所有服务证书 (CA 证书不变)

3.更新指定服务 (CA 证书不变)

4.说明

1.轮换 CA 和所有服务证书

rke cert rotate --rotate-ca

INFO[0000] Initiating Kubernetes cluster
INFO[0000] Rotating Kubernetes cluster certificates
INFO[0000] [certificates] Generating CA kubernetes certificates
INFO[0000] [certificates] Generating Kubernetes API server aggregation layer requestheader client CA certificates
INFO[0000] [certificates] Generating Kubernetes API server certificates
INFO[0000] [certificates] Generating Kube Controller certificates
INFO[0000] [certificates] Generating Kube Scheduler certificates
INFO[0000] [certificates] Generating Kube Proxy certificates
INFO[0000] [certificates] Generating Node certificate
INFO[0001] [certificates] Generating admin certificates and kubeconfig
INFO[0001] [certificates] Generating Kubernetes API server proxy client certificates
INFO[0001] [certificates] Generating etcd-xxxxx certificate and key
INFO[0001] [certificates] Generating etcd-yyyyy certificate and key
INFO[0001] [certificates] Generating etcd-zzzzz certificate and key
INFO[0001] Successfully Deployed state file at [./cluster.rkestate]
INFO[0001] Rebuilding Kubernetes cluster with rotated certificates

2.批量更新所有服务证书 (CA 证书不变)

rke cert rotate

INFO[0000] Initiating Kubernetes cluster
INFO[0000] Rotating Kubernetes cluster certificates
INFO[0000] [certificates] Generating Kubernetes API server certificates
INFO[0000] [certificates] Generating Kube Controller certificates
INFO[0000] [certificates] Generating Kube Scheduler certificates
INFO[0001] [certificates] Generating Kube Proxy certificates
INFO[0001] [certificates] Generating Node certificate
INFO[0001] [certificates] Generating admin certificates and kubeconfig
INFO[0001] [certificates] Generating Kubernetes API server proxy client certificates
INFO[0001] [certificates] Generating etcd-xxxxx certificate and key
INFO[0001] [certificates] Generating etcd-yyyyy certificate and key
INFO[0002] [certificates] Generating etcd-zzzzz certificate and key
INFO[0002] Successfully Deployed state file at [./cluster.rkestate]
INFO[0002] Rebuilding Kubernetes cluster with rotated certificates
.....
INFO[0050] [worker] Successfully restarted Worker Plane..

3.更新指定服务 (CA 证书不变)

rke cert rotate --service kubelet
INFO[0000] Initiating Kubernetes cluster
INFO[0000] Rotating Kubernetes cluster certificates
INFO[0000] [certificates] Generating Node certificate
INFO[0000] Successfully Deployed state file at [./cluster.rkestate]
INFO[0000] Rebuilding Kubernetes cluster with rotated certificates
.....
INFO[0033] [worker] Successfully restarted Worker Plane..

4.说明

因为证书改变，相应的 token 也会变化，在集群证书更新完成后，需要对连接 API SERVER 的 Pod 进行重建，以获取新的 token。

cattle-system/cattle-cluster-agent
cattle-system/cattle-node-agent
cattle-system/kube-api-auth
ingress-nginx/nginx-ingress-controller
kube-system/canal
kube-system/kube-dns
kube-system/kube-dns-autoscaler
其他应用 Pod

均衡教派.

关注

0
点赞
踩
3

收藏

觉得还不错? 一键收藏
打赏
0
评论
RKE 集群证书轮换 (local 集群和业务集群通用)

目录1.轮换 CA 和所有服务证书2.批量更新所有服务证书 (CA 证书不变)3.更新指定服务 (CA 证书不变)4.说明1.轮换 CA 和所有服务证书rke cert rotate --rotate-caINFO[0000] Initiating Kubernetes clusterINFO[0000] Rotating Kubernetes cluster certificatesINFO[0000] [certificates] Generating CA k
复制链接

扫一扫