证书更新后 K8s Master状态NotReady

Black:)2025-08-08 7:07

证书更新后 K8s Master状态NotReady

shell 复制代码 
[root@k8s-master01:7 /var/lib/kubelet/pki]# kubectl get nodes
NAME                             STATUS     ROLES    AGE     VERSION
k8s-master01.amngrvmm.dc01.scf   Ready      master   5y65d   v1.17.6
k8s-master02.amngrvmm.dc01.scf   NotReady   master   5y65d   v1.17.6
k8s-master03.amngrvmm.dc01.scf   Ready      master   5y65d   v1.17.6
k8s-node01.amngrvmm.dc01.scf     Ready      <none>   5y65d   v1.17.6
k8s-node02.amngrvmm.dc01.scf     Ready      <none>   608d    v1.17.6
k8s-node03.amngrvmm.dc01.scf     Ready      <none>   608d    v1.17.6

查看日志

shell 复制代码 
[root@k8s-master02:4 ~]# journalctl -u kubelet -f
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf systemd[1]: kubelet.service: Service RestartSec=10s expired, scheduling restart.
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf systemd[1]: kubelet.service: Scheduled restart job, restart counter is at 52.
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf systemd[1]: Stopped kubelet: The Kubernetes Node Agent.
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf systemd[1]: Started kubelet: The Kubernetes Node Agent.
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf kubelet[2797]: Flag --cgroup-driver has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https:s.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf kubelet[2797]: Flag --resolv-conf has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf kubelet[2797]: Flag --cgroup-driver has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https:s.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf kubelet[2797]: Flag --resolv-conf has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf kubelet[2797]: I0805 15:45:49.724653    2797 server.go:416] Version: v1.17.6
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf kubelet[2797]: I0805 15:45:49.725245    2797 plugins.go:100] No cloud provider specified.
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf kubelet[2797]: I0805 15:45:49.725308    2797 server.go:821] Client rotation is on, will bootstrap in background
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf kubelet[2797]: E0805 15:45:49.730326    2797 bootstrap.go:265] part of the existing bootstrap client certificate is expired: 2024-12-05 07:11:30 +0000 UTC
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf kubelet[2797]: F0805 15:45:49.730409    2797 server.go:273] failed to run Kubelet: unable to load bootstrap kubeconfig: stat /etc/kubernetes/bootstrap-kubeletuch file or directory
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf systemd[1]: kubelet.service: Main process exited, code=exited, status=255/n/a
Aug 05 15:45:49 k8s-master02.amngrvmm.dc01.scf systemd[1]: kubelet.service: Failed with result 'exit-code'.

kubelet 客户端证书过期

进入 /var/lib/kubelet/pki文件夹查看,kubelet的证书还是老证书 kubelet-client-2024-08-19-08-12-55.pem

shell 复制代码 
[root@k8s-master02:15 /var/lib/kubelet/pki]# ll
total 32
-rw------- 1 root root 1098 Jun  2  2020 kubelet-client-2020-06-02-11-23-02.pem
-rw------- 1 root root 1098 Apr  3  2021 kubelet-client-2021-04-03-00-58-46.pem
-rw------- 1 root root 1098 Dec 26  2021 kubelet-client-2021-12-26-17-48-17.pem
-rw------- 1 root root 1098 Oct 23  2022 kubelet-client-2022-10-23-20-49-54.pem
-rw------- 1 root root 1098 Dec  6  2023 kubelet-client-2023-12-06-15-15-55.pem
-rw------- 1 root root 1098 Aug 19  2024 kubelet-client-2024-08-19-08-12-55.pem
lrwxrwxrwx 1 root root   59 Aug 19  2024 kubelet-client-current.pem -> /var/lib/kubelet/pki/kubelet-client-2024-08-19-08-12-55.pem
-rw-r--r-- 1 root root 2315 Jun  2  2020 kubelet.crt
-rw------- 1 root root 1679 Jun  2  2020 kubelet.key

进入**/etc/kubernetes**文件夹

备份一下kubelet.conf

将kubelet.conf中的client-certificate 、client-key-data替换为admin.conf中的client-certificate-data、client-key-data

shell 复制代码 
[root@k8s-master02:20 /etc/kubernetes]# ls
admin.conf  controller-manager.conf  kubelet.conf  manifests  pki  scheduler.conf
[root@k8s-master02:21 /etc/kubernetes]# cp kubelet.conf kubelet.conf.back
[root@k8s-master02:22 /etc/kubernetes]# vim kubelet.conf

替换完成后,可以看到 /var/lib/kubelet/pki 文件夹下生成了新的kubelet-client证书kubelet-client-2025-08-05-15-57-18.pem

shell 复制代码 
[root@k8s-master02:25 /var/lib/kubelet/pki]# ll
total 36
-rw------- 1 root root 1098 Jun  2  2020 kubelet-client-2020-06-02-11-23-02.pem
-rw------- 1 root root 1098 Apr  3  2021 kubelet-client-2021-04-03-00-58-46.pem
-rw------- 1 root root 1098 Dec 26  2021 kubelet-client-2021-12-26-17-48-17.pem
-rw------- 1 root root 1098 Oct 23  2022 kubelet-client-2022-10-23-20-49-54.pem
-rw------- 1 root root 1098 Dec  6  2023 kubelet-client-2023-12-06-15-15-55.pem
-rw------- 1 root root 1098 Aug 19  2024 kubelet-client-2024-08-19-08-12-55.pem
-rw------- 1 root root 1098 Aug  5 15:57 kubelet-client-2025-08-05-15-57-18.pem
lrwxrwxrwx 1 root root   59 Aug  5 15:57 kubelet-client-current.pem -> /var/lib/kubelet/pki/kubelet-client-2025-08-05-15-57-18.pem
-rw-r--r-- 1 root root 2315 Jun  2  2020 kubelet.crt
-rw------- 1 root root 1679 Jun  2  2020 kubelet.key

恢复kubelet.conf 中的原始配置,不恢复也可以正常使用

重启kubelet或者重启机器

再次查看master02状态 Ready,恢复正常

shell 复制代码 
[root@k8s-master01:8 /var/lib/kubelet/pki]# kubectl get nodes
NAME                             STATUS   ROLES    AGE     VERSION
k8s-master01.amngrvmm.dc01.scf   Ready    master   5y65d   v1.17.6
k8s-master02.amngrvmm.dc01.scf   Ready    master   5y65d   v1.17.6
k8s-master03.amngrvmm.dc01.scf   Ready    master   5y65d   v1.17.6
k8s-node01.amngrvmm.dc01.scf     Ready    <none>   5y65d   v1.17.6
k8s-node02.amngrvmm.dc01.scf     Ready    <none>   608d    v1.17.6
k8s-node03.amngrvmm.dc01.scf     Ready    <none>   608d    v1.17.6
相关推荐
君科程序定做35 分钟前
容器 vs 虚拟机
微服务·云原生·容器·服务发现
sheji1057 小时前
docker启动出现Error response from daemon: Container的问题【已解决】
运维·docker·容器
不爱代码的小杜8 小时前
CubeFS存储(一)
kubernetes
小白不想白a11 小时前
【docker】namespace 命名空间
运维·docker·容器
忘忧人生11 小时前
docker 容器常用命令
java·docker·容器
小z博客11 小时前
使用Docker轻松部署Zurl搭建自己的短链接服务
运维·docker·容器
David爱编程13 小时前
理解Pod的容器共享资源模型
云原生·容器·kubernetes
老七秘制小程序13 小时前
在Jetson AGX Orin上将docker目录挂载到大容量硬盘目录
docker·容器·eureka·json
Johny_Zhao15 小时前
SeaTunnel的搭建部署以及测试
linux·网络·网络安全·信息安全·kubernetes·云计算·containerd·devops·seatunnel·系统运维
热门推荐
01Qwen3-Coder 快速上手教程 | Qwen Code + Claude Code02全球最强模型Grok4,国内已可免费使用!(附教程)03UV安装并设置国内源04ChatGPT 5发布日期揭秘:2025年8月上线,多模态推理能力全面升级05KGG转MP3工具|非KGM文件|解密音频06如何在 Cursor 中继续使用 Claude07OpenAI重返开源!GPT-OSS本地部署完全指南08Cursor 终端“卡死/无响应”问题的解法09腾讯还是太全面了,限时免费!超全CodeBuddy IDE保姆级教程!(附案例)10Claude Code 效率实战指南:从入门到精通的实用技巧(附安装教程)