k8s证书过期
bash
[root@k8s-master102 ~]# kubectl get pod -A
Unable to connect to the server: x509: certificate has expired or is not yet valid: current time 2023-07-25T15:14:00+08:00 is after 2023-07-24T16:25:58Z解决方案
- 备份 kubernetes配置
bash
cp -r /etc/kubernetes /etc/kubernetes_bak
- 检测证书过期
bash
kubeadm certs check-expiration
- 更新证书
bash
kubeadm certs renew all
- 重启kube-apiserver、kube-controller-manage、kube-scheduler
bash
# 重启 kubelet
systemctl restart kubelet
# 重启kube-apiserver、kube-controller-manage、kube-scheduler
docker ps |grep kube-apiserver|grep -v pause|awk '{print $1}'|xargs -i docker restart {}
docker ps |grep kube-controller-manage|grep -v pause|awk '{print $1}'|xargs -i docker restart {}
docker ps |grep kube-scheduler|grep -v pause|awk '{print $1}'|xargs -i docker restart {}
- 更新用户配置
bash
# 备份
cp -rp $HOME/.kube/config $HOME/.kube/config.bak
# 并生成新的配置文件
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config此步骤可能会出现报错
error: You must be logged in to the server (Unauthorized),请参考注意事项
注意事项
- 第3步更新证书以后需要重新启动
bash
# 重启 kubelet
systemctl restart kubelet
# 重启kube-apiserver、kube-controller-manage、kube-scheduler
# 如果是docker作为容器的话,可执行如下命令。其余容器方法类似
docker ps |grep kube-apiserver|grep -v pause|awk '{print $1}'|xargs -i docker restart {}
docker ps |grep kube-controller-manage|grep -v pause|awk '{print $1}'|xargs -i docker restart {}
docker ps |grep kube-scheduler|grep -v pause|awk '{print $1}'|xargs -i docker restart {}- 第4步不生效,始终报错
error: You must be logged in to the server (Unauthorized)
解决方案:
bash
# 删除 cache
$HOME/.kube/cache
# 重新生成
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config