K8S cluster certificate renewal
Current Kubernetes version: v1.16.4
I. Single master node
1. Back up the kubeadm configuration
kubectl get cm -o yaml -n kube-system kubeadm-config > /root/k8sbak/kubeadm.yaml
2. Back up the Kubernetes certificate data
cp -r /etc/kubernetes /etc/kubernetes.bak
cp -r /var/lib/etcd /var/lib/etcd.bak
3. Check certificate expiration
kubeadm alpha certs check-expiration
4. Renew the certificates
kubeadm alpha certs renew all
II. Multiple master nodes
Back up the data on every master node so that you can roll back if something goes wrong.
cp -r /var/lib/etcd /var/lib/etcd.bak
cp -r /etc/kubernetes /etc/kubernetes.bak
kubeadm alpha certs renew etcd-healthcheck-client
kubeadm alpha certs renew etcd-peer
kubeadm alpha certs renew etcd-server
kubeadm alpha certs renew front-proxy-client
kubeadm alpha certs renew apiserver-etcd-client
kubeadm alpha certs renew apiserver-kubelet-client
kubeadm alpha certs renew apiserver
kubeadm alpha certs renew scheduler.conf
kubeadm alpha certs renew controller-manager.conf
kubeadm alpha certs renew admin.conf
kubeadm alpha certs check-expiration
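To confirm the renewal independently of kubeadm, the following added example (not part of the original page) reads the expiry dates straight from the files under /etc/kubernetes, including the client certificates embedded in admin.conf, scheduler.conf and controller-manager.conf. The function names are hypothetical, and it assumes openssl, GNU date and GNU base64 are installed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumes openssl, GNU date and GNU base64 (standard on Linux master nodes).

# Turn an "openssl x509 -enddate" line (notAfter=...) on stdin into whole days from now.
days_from_enddate() {
    read -r line || return 2        # no input: openssl could not parse a certificate
    echo $(( ( $(date -d "${line#notAfter=}" +%s) - $(date +%s) ) / 86400 ))
}

# Days left on a PEM certificate file such as /etc/kubernetes/pki/apiserver.crt.
cert_days_left() {
    openssl x509 -in "$1" -noout -enddate 2>/dev/null | days_from_enddate
}

# Days left on the client certificate embedded in a kubeconfig such as admin.conf.
kubeconfig_days_left() {
    awk '/client-certificate-data:/ {print $2; exit}' "$1" | base64 -d 2>/dev/null |
        openssl x509 -noout -enddate 2>/dev/null | days_from_enddate
}

# Print every certificate under directory $1 with fewer than $2 days left.
# Returns 0 when all are fine, 1 when at least one needs attention.
check_k8s_certs() {
    report=$(find "$1" -type f \( -name '*.crt' -o -name '*.conf' \) | sort |
        while IFS= read -r f; do
            case $f in
                *.conf) # kubeconfigs that point at an external cert file are skipped
                        grep -q 'client-certificate-data:' "$f" || continue
                        days=$(kubeconfig_days_left "$f") || days= ;;
                *)      days=$(cert_days_left "$f") || days= ;;
            esac
            if [ -z "$days" ]; then
                echo "UNREADABLE $f"
            elif [ "$days" -lt "$2" ]; then
                echo "RENEW $f ($days days left)"
            fi
        done)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage on each master node, with a 30-day threshold:
#   check_k8s_certs /etc/kubernetes 30
```

The CA certificates under /etc/kubernetes/pki are checked as well; `kubeadm alpha certs renew` does not renew them, so a RENEW line for a ca.crt needs separate handling.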
III. Restart the related services
The services that need to be restarted include kube-apiserver, kube-controller-manager, kube-scheduler and so on. This must be done on all nodes.
docker ps | grep kube-
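docker kill -s HUP 78af16f61e7e c75e18e51063 b5831fb8c18c  # (the corresponding container IDs)
IV. Set up the configuration file
Copy the .kube configuration file from one master node to each node.
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
# admin.conf holds cluster-admin credentials, so keep it readable by its owner only
chmod 600 $HOME/.kube/config
export KUBECONFIG=$HOME/.kube/config
# On the other nodes, copy the master node's configuration file to the local machine.
rsync -avzP -e "ssh -p 22" root@172.24.22.194:/root/.kube/config /root/.kube/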