前言:
kubeadm安装的k8s集群有一个证书问题,证书的有效期为一年,过期的话kubectl命令就会异常。解决办法如下:
查看证书是否有效:
sudo openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not '
输出:
Not Before: May 24 03:32:37 2019 GMT
Not After : May 23 03:32:38 2020 GMT
在当前目录下编辑配置文件kubeadm.conf并写入以下内容:
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: v1.13.3
imageRepository: my.registry:5000/google_containers
更新证书命令:
kubeadm alpha certs renew all --config kubeadm.conf
sudo openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not '
输出:
Not Before: May 24 03:32:37 2019 GMT
Not After : Aug 15 09:43:03 2020 GMT
重新生成配置文件:
mv /etc/kubernetes/*.conf ~/.
kubeadm init phase kubeconfig all --config kubeadm.conf
更新.kube下的配置文件:
mv $HOME/.kube/config $HOME/.kube/config.old
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
重启kube-apiserver,kube-controller,kube-scheduler,etcd这4个容器:
docker ps | grep -v pause | grep -E "etcd|scheduler|controller|apiserver" | awk '{print $1}' | awk '{print "docker","restart",$1}' | bash
以上步骤实测可用,仅限于1.13.3单节点集群。