"Kubernetes"-Re-apply for a certificate@20210227

Problem Description

In a Kubernetes cluster, the certificates created when the cluster is initialized expire after one year. Once they expire, the cluster's components become inaccessible.

Environment overview

Attribute            Information
System environment   CentOS Linux release 7.4.1708 (Core)
Software version     Kubernetes v1.12.1

Solution

The problem can be solved by extending the validity period of the existing certificates; there is no need to regenerate them.

Step 1: Back up the configuration files (master node)

Of the countless rules of operations and maintenance, the first is to back up your data:

#!/bin/sh

# Back up the whole configuration directory before changing anything
cp -drv /etc/kubernetes /etc/kubernetes.backup

Step 2: Extend the certificate validity period (master node)

#!/bin/sh

kubeadm -v 10 alpha phase certs renew apiserver --config /etc/kubernetes/kubeadm-config.yaml
kubeadm -v 10 alpha phase certs renew apiserver-etcd-client --config /etc/kubernetes/kubeadm-config.yaml
kubeadm -v 10 alpha phase certs renew apiserver-kubelet-client --config /etc/kubernetes/kubeadm-config.yaml

kubeadm -v 10 alpha phase certs renew etcd-healthcheck-client --config /etc/kubernetes/kubeadm-config.yaml
kubeadm -v 10 alpha phase certs renew etcd-peer --config /etc/kubernetes/kubeadm-config.yaml
kubeadm -v 10 alpha phase certs renew etcd-server --config /etc/kubernetes/kubeadm-config.yaml

kubeadm -v 10 alpha phase certs renew front-proxy-client --config /etc/kubernetes/kubeadm-config.yaml

# You could instead run: kubeadm -v 10 alpha phase certs renew all
# But under CentOS 7.4 and kubeadm 1.12.1, that command produces a stack overflow error.

Step 3: Update the configuration files (master node)

#!/bin/sh 

# Remove the old configuration 
rm -rf /etc/kubernetes/admin.conf 
rm -rf /etc/kubernetes/kubelet.conf 
rm -rf /etc/kubernetes/controller-manager.conf 
rm -rf /etc/kubernetes/scheduler.conf

# Generate a new configuration (but actually update the client certificate) 
kubeadm alpha phase kubeconfig all

Step 4: Restart the service (all nodes)

#!/bin/sh

systemctl restart kubelet.service
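
To see which certificates are close to expiry before the renewal, and to confirm afterwards that they were actually renewed, the following added example (not part of the original article) checks each certificate with openssl x509 -checkend. It assumes the kubeadm default layout under /etc/kubernetes and kubeconfig files that embed the client certificate as client-certificate-data; the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the original article). Assumes the kubeadm default
# layout: certificates in <dir>/pki and <dir>/pki/etcd, kubeconfigs in <dir>.

# pem_status DAYS: read one PEM certificate on stdin and print its state.
pem_status() {
    pem=$(cat)
    if ! printf '%s\n' "$pem" | openssl x509 -noout >/dev/null 2>&1; then
        echo unreadable
    elif ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! printf '%s\n' "$pem" | openssl x509 -noout \
            -checkend "$(( ${1:-30} * 86400 ))" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# kubeconfig_pem FILE: decode the client certificate embedded in a kubeconfig.
kubeconfig_pem() {
    sed -n 's/^ *client-certificate-data: *//p' "$1" | head -n 1 | base64 -d 2>/dev/null
}

# check_all DIR DAYS: print "state<TAB>file" for every certificate found and
# return 1 if any certificate is not "ok".
check_all() {
    dir=${1:-/etc/kubernetes} days=${2:-30} rc=0
    for f in "$dir"/pki/*.crt "$dir"/pki/etcd/*.crt; do
        [ -f "$f" ] || continue
        state=$(pem_status "$days" < "$f")
        printf '%s\t%s\n' "$state" "$f"
        [ "$state" = ok ] || rc=1
    done
    for f in "$dir"/*.conf; do
        grep -q 'client-certificate-data:' "$f" 2>/dev/null || continue
        state=$(kubeconfig_pem "$f" | pem_status "$days")
        printf '%s\t%s\n' "$state" "$f"
        [ "$state" = ok ] || rc=1
    done
    return "$rc"
}

check_all "$@"
```

Run it on the master node before step 2 and again after step 3; a non-zero exit status means at least one certificate is expired, unreadable or inside the warning window.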

Precautions

This article evolved from "Part of the existing bootstrap client certificate is expired". Through exploration and experimentation, a solution was finally found.

Related Links

Certificate Management with kubeadm

Origin blog.csdn.net/u013670453/article/details/114197285