kubeadm certs check-expiration
## 结果如下图所示[root@hecs-266792 ~]# kubeadm certs check-expiration[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf May 10, 202413:20 UTC 355d ca no
apiserver May 10, 202413:20 UTC 355d ca no
apiserver-etcd-client May 10, 202413:20 UTC 355d etcd-ca no
apiserver-kubelet-client May 10, 202413:20 UTC 355d ca no
controller-manager.conf May 10, 202413:20 UTC 355d ca no
etcd-healthcheck-client May 10, 202413:20 UTC 355d etcd-ca no
etcd-peer May 10, 202413:20 UTC 355d etcd-ca no
etcd-server May 10, 202413:20 UTC 355d etcd-ca no
front-proxy-client May 10, 202413:20 UTC 355d front-proxy-ca no
scheduler.conf May 10, 202413:20 UTC 355d ca no
CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Apr 21, 203313:21 UTC 9y no
etcd-ca Apr 21, 203313:21 UTC 9y no
front-proxy-ca Apr 21, 203313:21 UTC 9y no
进行续费证书
kubeadm certs renew all # 进行续费证书[root@hecs-266792 ~]# kubeadm certs renew all[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
certificate embedded in the kubeconfig filefor the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig filefor the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig filefor the scheduler manager to use renewed
Done renewing certificates. You must restart the kube-apiserver, kube-controller-manager, kube-scheduler and etcd, so that they can use the new certificates.
[root@hecs-266792 ~]# kubeadm certs check-expiration[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf May 20, 2024 02:32 UTC 364d ca no
apiserver May 20, 2024 02:32 UTC 364d ca no
apiserver-etcd-client May 20, 2024 02:32 UTC 364d etcd-ca no
apiserver-kubelet-client May 20, 2024 02:32 UTC 364d ca no
controller-manager.conf May 20, 2024 02:32 UTC 364d ca no
etcd-healthcheck-client May 20, 2024 02:32 UTC 364d etcd-ca no
etcd-peer May 20, 2024 02:32 UTC 364d etcd-ca no
etcd-server May 20, 2024 02:32 UTC 364d etcd-ca no
front-proxy-client May 20, 2024 02:32 UTC 364d front-proxy-ca no
scheduler.conf May 20, 2024 02:32 UTC 364d ca no
CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Apr 21, 203313:21 UTC 9y no
etcd-ca Apr 21, 203313:21 UTC 9y no
front-proxy-ca Apr 21, 203313:21 UTC 9y no