I. Back up the certificates and configuration files

Back up the certificates

sudo mv /etc/kubernetes/pki/apiserver.key /etc/kubernetes/pki/apiserver.key.old
sudo mv /etc/kubernetes/pki/apiserver.crt /etc/kubernetes/pki/apiserver.crt.old
sudo mv /etc/kubernetes/pki/apiserver-kubelet-client.crt /etc/kubernetes/pki/apiserver-kubelet-client.crt.old
sudo mv /etc/kubernetes/pki/apiserver-kubelet-client.key /etc/kubernetes/pki/apiserver-kubelet-client.key.old
sudo mv /etc/kubernetes/pki/front-proxy-client.crt /etc/kubernetes/pki/front-proxy-client.crt.old
sudo mv /etc/kubernetes/pki/front-proxy-client.key /etc/kubernetes/pki/front-proxy-client.key.old
#sudo mv /etc/kubernetes/pki/ca.crt /etc/kubernetes/pki/ca.crt.old
#sudo mv /etc/kubernetes/pki/ca.key /etc/kubernetes/pki/ca.key.old
#sudo mv /etc/kubernetes/pki/sa.crt /etc/kubernetes/pki/sa.crt.old
#sudo mv /etc/kubernetes/pki/sa.key /etc/kubernetes/pki/sa.key.old
# Back up the configuration files
sudo mv /etc/kubernetes/admin.conf /etc/kubernetes/admin.conf.old
sudo mv /etc/kubernetes/kubelet.conf /etc/kubernetes/kubelet.conf.old
sudo mv /etc/kubernetes/controller-manager.conf /etc/kubernetes/controller-manager.conf.old
sudo mv /etc/kubernetes/scheduler.conf /etc/kubernetes/scheduler.conf.old

 

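II. Generate new certificates and configuration files

(The default validity is 1 year.)

Link: https://pan.baidu.com/s/1ZlU4veH4Nh_lKpNhUp5qIg Extraction code: fqdj

The file on the network drive is a build with a 100-year validity, compiled from the kubernetes 1.11.10 source (build tools: goland 1.11.10 + lideide 36). Extract it directly with tar xf kubeadm-src-100.tar.gz -C /. The main modifications are shown in the images below: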


The script is as follows (replace the contents of the configuration file to match your environment; this example uses 1.11.5):

# Write the kubeadm configuration used by every command below
cat > /tmp/kubeadm-conf.yaml <<EOF
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
networking:
  podSubnet: 192.169.0.0/16
  serviceSubnet: 10.96.0.0/12
etcd:
  endpoints:
    - http://192.168.0.100:2379
#token: 67e411.zc3617bb21ad7ee3
kubernetesVersion: v1.11.5
api:
  advertiseAddress: 192.168.0.100
EOF
#sudo kubeadm alpha phase certs ca --config /tmp/kubeadm-conf.yaml
#sudo kubeadm alpha phase certs sa --config /tmp/kubeadm-conf.yaml
# Regenerate the certificates that were moved aside, then the kubeconfig files
sudo kubeadm alpha phase certs apiserver --config /tmp/kubeadm-conf.yaml
sudo kubeadm alpha phase certs apiserver-kubelet-client --config /tmp/kubeadm-conf.yaml
sudo kubeadm alpha phase certs front-proxy-client --config /tmp/kubeadm-conf.yaml
sudo kubeadm alpha phase kubeconfig all --config /tmp/kubeadm-conf.yaml

III. Check the certificate validity dates

openssl x509 -in /etc/kubernetes/pki/front-proxy-client.crt -noout -dates
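
The command above inspects a single file, while the procedure regenerates several certificates plus the client certificates embedded in the kubeconfig files. The following is an added example, not part of the original post, that checks all of them in one pass. The function names, the script name in the usage comment and the 30-day default window are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# check_pem LABEL DAYS: read one PEM certificate on stdin, print its notAfter,
# return 1 if it expires within DAYS days, 2 if it cannot be parsed.
check_pem() {
    pem=$(cat)
    end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate 2>/dev/null) || {
        echo "UNREADABLE $1"
        return 2
    }
    if printf '%s\n' "$pem" | openssl x509 -noout -checkend $(( $2 * 86400 )) >/dev/null
    then
        echo "OK       ${end#notAfter=}  $1"
    else
        echo "EXPIRING ${end#notAfter=}  $1"
        return 1
    fi
}

# scan_k8s_certs DIR [DAYS]: check DIR/pki/*.crt and the client certificate
# embedded in each DIR/*.conf kubeconfig. Returns 1 if any check fails.
scan_k8s_certs() {
    dir=$1
    days=${2:-30}   # assumed default warning window
    rc=0
    for f in "$dir"/pki/*.crt; do
        [ -f "$f" ] || continue
        check_pem "$f" "$days" < "$f" || rc=1
    done
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # kubeadm-generated kubeconfigs carry the cert as base64 on one line
        data=$(awk '$1 == "client-certificate-data:" { print $2; exit }' "$f")
        [ -n "$data" ] || continue   # file reference or token: nothing embedded
        printf '%s' "$data" | base64 -d |
            check_pem "$f (embedded client cert)" "$days" || rc=1
    done
    return "$rc"
}

# Run as: sh check-certs.sh /etc/kubernetes 30
if [ "$#" -gt 0 ]; then
    scan_k8s_certs "$@"
fi
```

The .old backups from section I are skipped because only *.crt and *.conf names are matched.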


IV. Update the information on the worker nodes

1. On the master, create a new token. Run this once even if the token was created without an expiry time.

kubeadm token create --config=/tmp/kubeadm-conf.yaml


2. Delete all files under /var/lib/kubelet/pki/


3. Replace the token in /etc/kubernetes/bootstrap-kubelet.conf (the part in the red box) with the token value created above


4. Restart the kubelet service: systemctl restart kubelet


5. Check whether it succeeded: ls /var/lib/kubelet/pki/ (see the image above)


Note:

It is recommended to run kubeadm init directly with the modified files.