zoukankan      html  css  js  c++  java
  • linux运维、架构之路-K8s集群证书过期时间查看

    1、打开kube-apiserver的配置文件查看证书所在路径

    kube-apiserver.conf

     2、使用cfssl-certinfo查看

    [root@k8s-node1 ssl]# cfssl-certinfo -cert server.pem 
    {
      "subject": {
        "common_name": "kubernetes",
        "country": "CN",
        "organization": "k8s",
        "organizational_unit": "System",
        "locality": "BeiJing",
        "province": "BeiJing",
        "names": [
          "CN",
          "BeiJing",
          "BeiJing",
          "k8s",
          "System",
          "kubernetes"
        ]
      },
      "issuer": {
        "common_name": "kubernetes",
        "country": "CN",
        "organization": "k8s",
        "organizational_unit": "System",
        "locality": "Beijing",
        "province": "Beijing",
        "names": [
          "CN",
          "Beijing",
          "Beijing",
          "k8s",
          "System",
          "kubernetes"
        ]
      },
      "serial_number": "624327459644422284005575554556871372314308893395",
      "sans": [
        "kubernetes",
        "kubernetes.default",
        "kubernetes.default.svc",
        "kubernetes.default.svc.cluster",
        "kubernetes.default.svc.cluster.local",
        "10.0.0.1",
        "127.0.0.1",
        "10.0.0.1",
        "192.168.56.11",
        "192.168.56.12",
        "192.168.56.13"
      ],
      "not_before": "2020-03-30T08:42:00Z",
      "not_after": "2030-03-28T08:42:00Z",此处便是证书到期时间2030年3月28日

    3、查看CA证书

    [root@k8s-node1 ssl]# cfssl-certinfo -cert ca.pem 
    {
      "subject": {
        "common_name": "kubernetes",
        "country": "CN",
        "organization": "k8s",
        "organizational_unit": "System",
        "locality": "Beijing",
        "province": "Beijing",
        "names": [
          "CN",
          "Beijing",
          "Beijing",
          "k8s",
          "System",
          "kubernetes"
        ]
      },
      "issuer": {
        "common_name": "kubernetes",
        "country": "CN",
        "organization": "k8s",
        "organizational_unit": "System",
        "locality": "Beijing",
        "province": "Beijing",
        "names": [
          "CN",
          "Beijing",
          "Beijing",
          "k8s",
          "System",
          "kubernetes"
        ]
      },
      "serial_number": "259013161977081759746876367274801379630605153819",
      "not_before": "2020-03-30T08:42:00Z",
      "not_after": "2025-03-29T08:42:00Z",

    当集群证书已过期时,通过kubectl或api接口调用的方式与集群apiserver的通讯都将被禁止,集群中的服务进程会不可用。

  • 相关阅读:
    python os的一些用法(-)
    python常用函数 time.strftime
    centos7 解压rar 文件
    centos7 开机启动设置
    python基础之Day15
    python基础之Day13
    python基础之Day12
    python基础之Day11
    python基础之Day10
    python基础之Day9
  • 原文地址:https://www.cnblogs.com/yanxinjiang/p/12893224.html
Copyright © 2011-2022 走看看