【解决办法】Kubernetes证书有效期为1年,过期后需更新证书。请参照以下步骤更新Kubernetes证书:
1)在安装Kubernetes的Master节点机器,进入etc/kubernetes/pki目录,创建备份目录:
cd /etc/kubernetes/pki/
mkdir -p ~/tmp/BACKUP_etc_kubernetes_pki/etcd/
2)备份原有的证书:
mv apiserver.crt apiserver-etcd-client.key apiserver-kubelet-client.crt front-proxy-ca.crt front-proxy-client.crt front-proxy-client.key front-proxy-ca.key apiserver-kubelet-client.key apiserver.key apiserver-etcd-client.crt ~/tmp/BACKUP_etc_kubernetes_pki/.
mv etcd/healthcheck-client.* etcd/peer.* etcd/server.* ~/tmp/BACKUP_etc_kubernetes_pki/etcd/
3)重新生成新的证书:
kubeadm init phase certs all
4)进入etc/kubernetes目录,创建备份配置文件目录,备份原有的配置文件:
cd /etc/kubernetes/
mkdir -p ~/tmp/BACKUP_etc_kubernetes
mv admin.conf controller-manager.conf kubelet.conf scheduler.conf ~/tmp/BACKUP_etc_kubernetes/.
5)重新生成配置文件:
kubeadm init phase kubeconfig all
6)重启Kubernetes Master节点:
reboot
7)复制并替换原来的文件:
mkdir -p ~/tmp/BACKUP_home_.kube
cp -r ~/.kube/* ~/tmp/BACKUP_home_.kube/.
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
8)查看更新证书后Kubernetes集群信息(使用kubectl cluster-info命令):
kubectl cluster-info
