飞天使-k8s知识点6-kubernetes证书更新
2023-12-22 06:49:53
查看证书有效期
kubeadm alpha certs check-expiration 查看证书信息
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf Dec 20, 2024 07:37 UTC 364d no
apiserver Dec 20, 2024 07:37 UTC 364d ca no
apiserver-etcd-client Dec 20, 2024 07:37 UTC 364d etcd-ca no
apiserver-kubelet-client Dec 20, 2024 07:37 UTC 364d ca no
controller-manager.conf Dec 20, 2024 07:37 UTC 364d no
etcd-healthcheck-client Dec 20, 2024 07:37 UTC 364d etcd-ca no
etcd-peer Dec 20, 2024 07:37 UTC 364d etcd-ca no
etcd-server Dec 20, 2024 07:37 UTC 364d etcd-ca no
front-proxy-client Dec 20, 2024 07:37 UTC 364d front-proxy-ca no
scheduler.conf Dec 20, 2024 07:37 UTC 364d no
CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Dec 17, 2033 13:41 UTC 9y no
etcd-ca Dec 17, 2033 13:41 UTC 9y no
front-proxy-ca Dec 17, 2033 13:41 UTC 9y no
执行这个进行更新证书
kubeadm alpha certs renew all
[root@kubeadm-master1 m43]# kubeadm alpha certs renew all
Command "all" is deprecated, please use the same command under "kubeadm certs"
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed
Done renewing certificates. You must restart the kube-apiserver, kube-controller-manager, kube-scheduler and etcd, so that they can use the new certificates.
然后证书会更新了
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf Dec 20, 2024 14:56 UTC 364d no
apiserver Dec 20, 2024 14:56 UTC 364d ca no
apiserver-etcd-client Dec 20, 2024 14:56 UTC 364d etcd-ca no
apiserver-kubelet-client Dec 20, 2024 14:56 UTC 364d ca no
controller-manager.conf Dec 20, 2024 14:56 UTC 364d no
etcd-healthcheck-client Dec 20, 2024 14:56 UTC 364d etcd-ca no
etcd-peer Dec 20, 2024 14:56 UTC 364d etcd-ca no
etcd-server Dec 20, 2024 14:56 UTC 364d etcd-ca no
front-proxy-client Dec 20, 2024 14:56 UTC 364d front-proxy-ca no
scheduler.conf Dec 20, 2024 14:56 UTC 364d no
CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Dec 17, 2033 13:41 UTC 9y no
etcd-ca Dec 17, 2033 13:41 UTC 9y no
front-proxy-ca Dec 17, 2033 13:41 UTC 9y no
注释haproxy 的,然后进行重启haproxy
[root@ha1 ~]# systemctl restart haproxy
[root@ha1 ~]# cat /etc/haproxy/haproxy.cfg
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth haadmin:faeefa123ef
listen k8s-6443
bind 192.168.1.240:6443
mode tcp
balance roundrobin
server 192.168.1.209 192.168.1.209:6443 check inter 2s fall 3 rise 5
server 192.168.1.210 192.168.1.210:6443 check inter 2s fall 3 rise 5
#server 192.168.1.212 192.168.1.212:6443 check inter 2s fall 3 rise 5
listen k8s-nginx-80
bind 192.168.1.240:80
mode tcp
server 192.168.1.209 192.168.1.209:30004 check inter 2s fall 3 rise 5
server 192.168.1.210 192.168.1.210:30004 check inter 2s fall 3 rise 5
server 192.168.1.212 192.168.1.212:30004 check inter 2s fall 3 rise 5
文章来源:https://blog.csdn.net/startfefesfe/article/details/135134548
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。 如若内容造成侵权/违法违规/事实不符,请联系我的编程经验分享网邮箱:veading@qq.com进行投诉反馈,一经查实,立即删除!
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。 如若内容造成侵权/违法违规/事实不符,请联系我的编程经验分享网邮箱:veading@qq.com进行投诉反馈,一经查实,立即删除!