检查证书有效期:kubeadm 部署的集群,默认证书有效期为一年
cd /etc/kubernetes/pki
openssl x509 -in apiserver.crt -text -noout
Validity
Not Before: Jun 12 04:41:18 2019 GMT
Not After : Jun 12 04:41:18 2020 GMT
go 环境部署
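wget https://dl.google.com/go/go1.12.7.linux-amd64.tar.gz
# 解压前先核对校验和:将 sha256sum 的输出与 Go 官方下载页公布的 SHA256 值比对,一致后再继续
sha256sum go1.12.7.linux-amd64.tar.gz
# 解压的文件名必须与上面下载的文件一致
tar -xf go1.12.7.linux-amd64.tar.gz -C /usr/local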
vi /etc/profile   # 在文件末尾追加一行:export PATH=$PATH:/usr/local/go/bin
source /etc/profile
下载源码
git clone https://github.com/kubernetes/kubernetes.git
查看当前版本
kubeadm version
[root@k8s-master kubernetes]# pwd
/root/kubernetes
git checkout -b remotes/origin/release-1.14.0 v1.14.0 #修改至当前版本
修改 Kubeadm 源码包更新证书策略
vim cmd/kubeadm/app/util/pkiutil/pki_helpers.go
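增加常量(常量名必须与下面 Add() 中引用的名字完全一致,否则无法编译):
const duration36500d = time.Hour * 24 * 365 * 100   // 一小时 * 24 * 365 为一年,再 * 100 表示 100 年
然后在下面找到 NotAfter 这一行,把 Add 的参数改为该常量:
NotAfter: time.Now().Add(duration36500d).UTC(),
注意:有效期 100 年意味着证书实际上不再轮换。Kubernetes API server 不支持吊销客户端证书,私钥一旦泄露,只能通过更换 CA 才能让该证书失效。如果只是为了避免证书过期,用原版 kubeadm 定期执行下文的 certs renew(每次续期一年)即可,不必修改源码。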
make WHAT=cmd/kubeadm GOFLAGS=-v #只编译kubeadm
cp _output/bin/kubeadm /root/kubeadm-new

更新 kubeadm
将 kubeadm 进行替换
cp /usr/bin/kubeadm /usr/bin/kubeadm.old
cp /root/kubeadm-new /usr/bin/kubeadm
chmod a+x /usr/bin/kubeadm
证书更新
cp -r /etc/kubernetes/pki /etc/kubernetes/pki.old
# pki.old 中包含 CA 私钥等全部密钥,确认集群恢复正常后应删除,或转移到权限受控的位置保存
cd /etc/kubernetes/pki
kubeadm alpha certs renew all
# 执行时如有提示可忽略
查看证书有效期,已变为 100 年
cd /etc/kubernetes/pki
openssl x509 -in apiserver.crt -text -noout
Validity
Not Before: Jun 12 04:41:18 2019 GMT
Not After : Nov 18 11:22:53 2119 GMT
生成一个集群配置的 yaml 文件
kubeadm config view > /root/cluster.yaml
cd /etc/kubernetes
mkdir conf.old
mv *.conf conf.old
重新生成 /etc/kubernetes 下的 *.conf 文件,使新证书生效(配置文件需通过 --config 传入)
kubeadm init phase kubeconfig all --config /root/cluster.yaml
$ ll
total 40
-rw------- 1 root root 5455 Dec 12 19:30 admin.conf
drwxr-xr-x 2 root root 93 Dec 12 19:25 conf.old
-rw------- 1 root root 5491 Dec 12 19:30 controller-manager.conf
-rw------- 1 root root 5471 Dec 12 19:30 kubelet.conf
drwxr-xr-x 2 root root 109 Jun 20 14:16 manifests
drwxr-xr-x 3 root root 4096 Jun 12 2019 pki
drwxr-xr-x 3 root root 4096 Dec 12 17:40 pki.old
-rw------- 1 root root 5439 Dec 12 19:30 scheduler.conf
已经生成最新配置文件
其他master 节点
scp -qpr master01:/usr/bin/kubeadm master02:/usr/bin/kubeadm
然后在该节点上同样进行上面的证书更新操作和集群配置文件生成操作
完成后依次重启 etcd、kube-apiserver、kube-controller-manager、kube-proxy、kube-scheduler,并查看各组件的日志,没有报错即说明更新成功
systemctl restart kubelet
$ kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-c7b458cf-fxjpp 1/1 Running 0 6h26m
coredns-c7b458cf-gfsqt 0/1 Terminating 0 31d
coredns-c7b458cf-sxlps 1/1 Running 8 7h18m
etcd-master01 1/1 Running 214 183d
etcd-master02 1/1 Running 229 183d
etcd-master03 1/1 Running 210 183d
kube-apiserver-master01 1/1 Running 2216 72m
kube-apiserver-master02 1/1 Running 1823 73m
kube-apiserver-master03 1/1 Running 2155 74m
kube-controller-manager-master01 1/1 Running 9441 71m
kube-controller-manager-master02 1/1 Running 9780 70m
kube-controller-manager-master03 1/1 Running 9431 71m
kube-proxy-glqvn 1/1 Running 0 63m
kube-proxy-m4fhg 1/1 Running 0 65m
kube-proxy-rjrlp 1/1 Running 0 62m
kube-proxy-s4pfg 1/1 Running 0 66m
kube-proxy-snl7s 1/1 Running 0 62m
kube-proxy-v5dfz 0/1 Terminating 0 128d
kube-scheduler-master01 1/1 Running 9341 69m
kube-scheduler-master02 1/1 Running 9687 69m
kube-scheduler-master03 0/1 Error 9374 68m
原文地址:https://www.cnblogs.com/lixinliang/p/12217328.html