I. Back up certificates and configuration files
Back up certificates
sudo mv /etc/kubernetes/pki/apiserver.key /etc/kubernetes/pki/apiserver.key.old
sudo mv /etc/kubernetes/pki/apiserver.crt /etc/kubernetes/pki/apiserver.crt.old
sudo mv /etc/kubernetes/pki/apiserver-kubelet-client.crt /etc/kubernetes/pki/apiserver-kubelet-client.crt.old
sudo mv /etc/kubernetes/pki/apiserver-kubelet-client.key /etc/kubernetes/pki/apiserver-kubelet-client.key.old
sudo mv /etc/kubernetes/pki/front-proxy-client.crt /etc/kubernetes/pki/front-proxy-client.crt.old
sudo mv /etc/kubernetes/pki/front-proxy-client.key /etc/kubernetes/pki/front-proxy-client.key.old
#sudo mv /etc/kubernetes/pki/ca.crt /etc/kubernetes/pki/ca.crt.old
#sudo mv /etc/kubernetes/pki/ca.key /etc/kubernetes/pki/ca.key.old
#sudo mv /etc/kubernetes/pki/sa.crt /etc/kubernetes/pki/sa.crt.old
#sudo mv /etc/kubernetes/pki/sa.key /etc/kubernetes/pki/sa.key.old
# Back up configuration files
sudo mv /etc/kubernetes/admin.conf /etc/kubernetes/admin.conf.old
sudo mv /etc/kubernetes/kubelet.conf /etc/kubernetes/kubelet.conf.old
sudo mv /etc/kubernetes/controller-manager.conf /etc/kubernetes/controller-manager.conf.old
sudo mv /etc/kubernetes/scheduler.conf /etc/kubernetes/scheduler.conf.old
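II. Generate new certificates and configuration files
(valid for 1 year by default)
Link: https://pan.baidu.com/s/1ZlU4veH4Nh_lKpNhUp5qIg Extraction code: fqdj
The file on the network drive is a build with a 100-year certificate validity, compiled from the Kubernetes 1.11.10 source (build tools: goland 1.11.10 + lideide 36). Extract it directly with tar xf kubeadm-src-100.tar.gz -C /. The main changes are shown in the figure below:
The script is as follows (replace the contents of the configuration file to match your environment; this example uses 1.11.5):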
cat > /tmp/kubeadm-conf.yaml <<EOF
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
networking:
  podSubnet: 192.169.0.0/16
  serviceSubnet: 10.96.0.0/12
etcd:
  endpoints:
  - http://192.168.0.100:2379
#token: 67e411.zc3617bb21ad7ee3
kubernetesVersion: v1.11.5
api:
  advertiseAddress: 192.168.0.100
EOF
#sudo kubeadm alpha phase certs ca --config /tmp/kubeadm-conf.yaml
#sudo kubeadm alpha phase certs sa --config /tmp/kubeadm-conf.yaml
sudo kubeadm alpha phase certs apiserver --config /tmp/kubeadm-conf.yaml
sudo kubeadm alpha phase certs apiserver-kubelet-client --config /tmp/kubeadm-conf.yaml
sudo kubeadm alpha phase certs front-proxy-client --config /tmp/kubeadm-conf.yaml
sudo kubeadm alpha phase kubeconfig all --config /tmp/kubeadm-conf.yaml
III. Check the certificate validity dates
openssl x509 -in /etc/kubernetes/pki/front-proxy-client.crt -noout -dates
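Section III checks a single file. The script below is an added example, not part of the original post: it reports the expiry date of every certificate under pki/ and of the client certificates embedded in the regenerated kubeconfig files, and flags any that expire soon. It assumes the standard kubeadm layout under /etc/kubernetes; K8S_DIR and WARN_DAYS are variable names made up for this example.

```sh
#!/bin/sh
# Added example: list notAfter for the certificates regenerated above,
# including those embedded in admin.conf, kubelet.conf, etc.

# Print the PEM client certificate embedded in a kubeconfig file.
kubeconfig_cert() {
    sed -n 's/^ *client-certificate-data: *//p' "$1" | head -n 1 | base64 -d
}

# Read a PEM certificate on stdin; print "STATUS<TAB>notAfter<TAB>label".
# STATUS is EXPIRING if the certificate expires within $2 days, else OK.
cert_status() {
    label=$1; days=$2
    pem=$(cat)
    end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate) || return 1
    if printf '%s\n' "$pem" | openssl x509 -noout -checkend $((days * 86400)) >/dev/null; then
        status=OK
    else
        status=EXPIRING
    fi
    printf '%s\t%s\t%s\n' "$status" "${end#notAfter=}" "$label"
}

# Walk a kubeadm directory layout: pki/*.crt plus *.conf kubeconfigs.
report() {
    dir=${1:-/etc/kubernetes}; days=${2:-30}
    for f in "$dir"/pki/*.crt; do
        [ -f "$f" ] || continue
        cert_status "$f" "$days" < "$f"
    done
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Skip kubeconfigs that point to a certificate file instead of embedding it.
        grep -q 'client-certificate-data:' "$f" || continue
        kubeconfig_cert "$f" | cert_status "$f (embedded)" "$days"
    done
}

report "${K8S_DIR:-/etc/kubernetes}" "${WARN_DAYS:-30}"
```

Run it with sudo on the master, since the kubeconfig files under /etc/kubernetes are readable only by root.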
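IV. Update the worker nodes
1. On the master, create a new token. Do this once even if the token was set with no expiry time.
kubeadm token create --config=/tmp/kubeadm-conf.yaml
2. Delete all files under /var/lib/kubelet/pki/
3. Replace the token in /etc/kubernetes/bootstrap-kubelet.conf (the part in the red box) with the token value created above
4. Restart the kubelet service: systemctl restart kubelet
5. Check whether it succeeded: ls /var/lib/kubelet/pki/ (see the figure above)
Note:
It is recommended to use the modified files directly for kubeadm init
Reposted from: https://blog.51cto.com/3138583/2400706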