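Applicable environment:
A k8s cluster deployed with kubeadm; the default certificate location is /etc/kubernetes/pki.
If the certificate directory in your environment is not pki (ssl is used as the example here), create the corresponding symlink.
This article uses a high-availability cluster (3 masters) as the example.
Master nodes:
1. Check the certificate validity period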
cd /etc/kubernetes
openssl x509 -in ssl/apiserver.crt -noout -enddate
2. Renew the expired certificates (/etc/kubernetes) (on the master1 node)
Create the symlink pki -> ssl: ln -s ssl/ pki (skip this if pki already exists)
kubeadm alpha certs renew apiserver
kubeadm alpha certs renew apiserver-kubelet-client
kubeadm alpha certs renew front-proxy-client
3. Update the kubeconfig files (/etc/kubernetes) (on the master1 node)
The following need to be updated: admin.conf / scheduler.conf / controller-manager.conf / kubelet.conf
kubeadm alpha certs renew admin.conf
kubeadm alpha certs renew controller-manager.co
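
Added example, not part of the original notes: a script that generalizes the step 1 check to every .crt under pki and to the client certificates embedded in the kubeconfig files from step 3, so the result of a renewal can be verified. The function names and the 30-day threshold in the usage comment are assumptions; a kubeconfig that references its certificate by file path instead of embedding it is reported as SKIP.

```shell
#!/usr/bin/env bash
# Added example: flag certificates that expire within a given number of days.
# Usage (assumed invocation): ./check-certs.sh /etc/kubernetes 30

# kubeconfig_cert FILE: print the PEM certificate embedded as
# base64 in the client-certificate-data field (empty if absent).
kubeconfig_cert() {
    awk '$1 == "client-certificate-data:" { print $2; exit }' "$1" | base64 -d
}

# scan_certs DIR DAYS: print "<status> <file> <notAfter>" for each
# certificate; return 1 if any of them needs attention.
scan_certs() {
    local dir="$1" secs="$(( $2 * 86400 ))" rc=0 f pem end status
    for f in "$dir"/pki/*.crt "$dir"/*.conf; do
        [ -f "$f" ] || continue
        case "$f" in
            *.conf) pem=$(kubeconfig_cert "$f" 2>/dev/null) || pem="" ;;
            *)      pem=$(cat "$f") ;;
        esac
        if [ -z "$pem" ]; then
            echo "SKIP $f (no embedded client certificate)"
            continue
        fi
        # -enddate is the same query step 1 runs against apiserver.crt
        if ! end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate 2>/dev/null); then
            echo "ERROR $f (not a parsable certificate)"
            rc=1
            continue
        fi
        # -checkend exits non-zero when the certificate expires within $secs
        if printf '%s\n' "$pem" | openssl x509 -noout -checkend "$secs" >/dev/null 2>&1; then
            status=OK
        else
            status=RENEW
            rc=1
        fi
        echo "$status $f ${end#notAfter=}"
    done
    return $rc
}

if [ "$#" -eq 2 ]; then
    scan_certs "$1" "$2"
fi
```

Only the first certificate in each file is checked, and pki/etcd is not scanned.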